chore(release): 2.48.1

Co-authored-by: Henrique Dias <mail@hacdias.com>

.github/workflows/ci.yaml

@@ -97,7 +97,7 @@ jobs:
         uses: docker/setup-buildx-action@v3
       - name: Install Task
         uses: go-task/setup-task@v1
-      - run: task build-frontend
+      - run: task build:frontend
       - name: Login to Docker Hub
         uses: docker/login-action@v3
         with:

CHANGELOG.md

@@ -2,6 +2,52 @@
 
 All notable changes to this project will be documented in this file. See [commit-and-tag-version](https://github.com/absolute-version/commit-and-tag-version) for commit guidelines.
 
+## [2.48.1](https://github.com/filebrowser/filebrowser/compare/v2.48.0...v2.48.1) (2025-11-17)
+
+
+### Bug Fixes
+
+* options should only override if set ([420adea](https://github.com/filebrowser/filebrowser/commit/420adea7e61a1c182cddd6fb2544a0752e5709f7))
+
+## [2.48.0](https://github.com/filebrowser/filebrowser/compare/v2.47.0...v2.48.0) (2025-11-17)
+
+
+### Features
+
+* consistent flags and environment variables ([#5549](https://github.com/filebrowser/filebrowser/issues/5549)) ([0a0cb80](https://github.com/filebrowser/filebrowser/commit/0a0cb8046fce52f1ff926171b34bcdb7cd39aab3))
+
+
+### Bug Fixes
+
+* add tokenExpirationTime to `config init` and troubleshoot docs ([#5546](https://github.com/filebrowser/filebrowser/issues/5546)) ([8c5dc76](https://github.com/filebrowser/filebrowser/commit/8c5dc7641e6f8aadd9e5d5d3b25a2ad9f1ec9a1e))
+* use all available flags in quick setup ([f41585f](https://github.com/filebrowser/filebrowser/commit/f41585f0392d65c08c01ab65b62d3eeb04c03b7d))
+
+
+### Refactorings
+
+* reuse logic for config init and set ([89be0b1](https://github.com/filebrowser/filebrowser/commit/89be0b1873527987dd2dddac746e93b8bc684d46))
+
+## [2.47.0](https://github.com/filebrowser/filebrowser/compare/v2.46.1...v2.47.0) (2025-11-16)
+
+
+### Features
+
+* add TUS settings to the command line ([#5556](https://github.com/filebrowser/filebrowser/issues/5556)) ([e24e1f1](https://github.com/filebrowser/filebrowser/commit/e24e1f1abae9e80add620c4ad65660ca1b575a49))
+* remove importer of v1 config ([#5550](https://github.com/filebrowser/filebrowser/issues/5550)) ([ceb5e72](https://github.com/filebrowser/filebrowser/commit/ceb5e723f3ee2c966bb561a804015246450280ca))
+
+
+### Bug Fixes
+
+* exit 0 when gracefully shutting down ([#5555](https://github.com/filebrowser/filebrowser/issues/5555)) ([5de4099](https://github.com/filebrowser/filebrowser/commit/5de4099cba2cf012d4a213c8eb29c412fc72c151))
+
+## [2.46.1](https://github.com/filebrowser/filebrowser/compare/v2.46.0...v2.46.1) (2025-11-15)
+
+
+### Bug Fixes
+
+* env key replacer and remove unused function ([#5547](https://github.com/filebrowser/filebrowser/issues/5547)) ([13814e1](https://github.com/filebrowser/filebrowser/commit/13814e11197ebd9101940883e3ca85998f86d442))
+* remove duplicated 'hide-defaults' flag (is 'hideDefaults') ([#5548](https://github.com/filebrowser/filebrowser/issues/5548)) ([ffc8504](https://github.com/filebrowser/filebrowser/commit/ffc850454e4cb8f10b970511681d6c627340afc7))
+
 ## [2.46.0](https://github.com/filebrowser/filebrowser/compare/v2.45.3...v2.46.0) (2025-11-14)
 
 

CONTRIBUTING.md

@@ -86,7 +86,7 @@ task docs
 To start a local server on port `8000` to view the built documentation:
 
 ```bash
-task docs-serve
+task docs:serve
 ```
 
 ## Release

Taskfile.yml

@@ -10,14 +10,14 @@ vars:
     -v ./CONTRIBUTING.md:/docs/docs/contributing.md
 
 tasks:
-  build-frontend:
+  build:frontend:
     desc: Build frontend assets
     dir: frontend
     cmds:
       - pnpm install --frozen-lockfile
       - pnpm run build
 
-  build-backend:
+  build:backend:
     desc: Build backend binary
     cmds:
       - go build -ldflags='-s -w -X "github.com/filebrowser/filebrowser/v2/version.Version={{.VERSION}}" -X "github.com/filebrowser/filebrowser/v2/version.CommitSHA={{.GIT_COMMIT}}"' -o filebrowser .
@@ -30,16 +30,16 @@ tasks:
   build:
     desc: Build both frontend and backend
     cmds:
-      - task: build-frontend
+      - task: build:frontend
-      - task: build-backend
+      - task: build:backend
 
-  release-make:
+  release:make:
     internal: true
     prompt: Do you wish to proceed?
     cmds:
       - pnpm dlx commit-and-tag-version -s
 
-  release-dry-run:
+  release:dry-run:
     internal: true
     cmds:
       - pnpm dlx commit-and-tag-version --dry-run --skip
@@ -47,10 +47,24 @@ tasks:
   release:
     desc: Create a new release
     cmds:
-      - task: release-dry-run
+      - task: docs:cli:generate
-      - task: release-make
+      - git add www/docs/cli
+      - |
+        if [[ `git status www/docs/cli --porcelain` ]]; then
+          git commit -m 'chore(docs): update CLI documentation'
+        fi
+      - task: release:dry-run
+      - task: release:make
 
-  docs-image-make:
+  docs:cli:generate:
+    cmds:
+      - rm -rf www/docs/cli
+      - mkdir -p www/docs/cli
+      - go run . docs
+    generates:
+      - www/docs/cli
+
+  docs:docker:generate:
     internal: true
     cmds: 
       - docker build -f www/Dockerfile --progress=plain -t filebrowser.site www
@@ -59,11 +73,11 @@ tasks:
     desc: Generate documentation
     cmds:
       - rm -rf www/public
-      - task: docs-image-make
+      - task: docs:docker:generate
       - docker run --rm {{.SITE_DOCKER_FLAGS}} filebrowser.site build -d "public"
 
-  docs-serve:
+  docs:serve:
     desc: Serve documentation
     cmds:
-      - task: docs-image-make
+      - task: docs:docker:generate
       - docker run --rm -it -p 8000:8000 {{.SITE_DOCKER_FLAGS}} filebrowser.site

auth/hook.go

@@ -103,7 +103,7 @@ func (a *HookAuth) RunCommand() (string, error) {
 		command[i] = os.Expand(arg, envMapping)
 	}
 
-	cmd := exec.Command(command[0], command[1:]...) //nolint:gosec
+	cmd := exec.Command(command[0], command[1:]...)
 	cmd.Env = append(os.Environ(), fmt.Sprintf("USERNAME=%s", a.Cred.Username))
 	cmd.Env = append(cmd.Env, fmt.Sprintf("PASSWORD=%s", a.Cred.Password))
 	out, err := cmd.Output()

auth/json.go

@@ -40,7 +40,7 @@ func (a JSONAuth) Auth(r *http.Request, usr users.Store, _ *settings.Settings, s
 
 	// If ReCaptcha is enabled, check the code.
 	if a.ReCaptcha != nil && a.ReCaptcha.Secret != "" {
-		ok, err := a.ReCaptcha.Ok(cred.ReCaptcha) //nolint:govet
+		ok, err := a.ReCaptcha.Ok(cred.ReCaptcha)
 
 		if err != nil {
 			return nil, err

cmd/cmd_test.go

@@ -0,0 +1,35 @@
+package cmd
+
+import (
+	"testing"
+
+	"github.com/samber/lo"
+	"github.com/spf13/cobra"
+)
+
+// TestEnvCollisions ensures that there are no collisions in the produced environment
+// variable names for all commands and their flags.
+func TestEnvCollisions(t *testing.T) {
+	testEnvCollisions(t, rootCmd)
+}
+
+func testEnvCollisions(t *testing.T, cmd *cobra.Command) {
+	for _, cmd := range cmd.Commands() {
+		testEnvCollisions(t, cmd)
+	}
+
+	replacements := generateEnvKeyReplacements(cmd)
+	envVariables := []string{}
+
+	for i := range replacements {
+		if i%2 != 0 {
+			envVariables = append(envVariables, replacements[i])
+		}
+	}
+
+	duplicates := lo.FindDuplicates(envVariables)
+
+	if len(duplicates) > 0 {
+		t.Errorf("Found duplicate environment variable keys for command %q: %v", cmd.Name(), duplicates)
+	}
+}

cmd/cmds_ls.go

@@ -19,7 +19,8 @@ var cmdsLsCmd = &cobra.Command{
 		if err != nil {
 			return err
 		}
-		evt, err := getString(cmd.Flags(), "event")
+
+		evt, err := cmd.Flags().GetString("event")
 		if err != nil {
 			return err
 		}
@@ -32,6 +33,7 @@ var cmdsLsCmd = &cobra.Command{
 			show["after_"+evt] = s.Commands["after_"+evt]
 			printEvents(show)
 		}
+
 		return nil
 	}, pythonConfig{}),
 }

cmd/config.go

@@ -30,12 +30,18 @@ var configCmd = &cobra.Command{
 func addConfigFlags(flags *pflag.FlagSet) {
 	addServerFlags(flags)
 	addUserFlags(flags)
+
 	flags.BoolP("signup", "s", false, "allow users to signup")
-	flags.Bool("hide-login-button", false, "hide login button from public pages")
+	flags.Bool("hideLoginButton", false, "hide login button from public pages")
-	flags.Bool("create-user-dir", false, "generate user's home directory automatically")
+	flags.Bool("createUserDir", false, "generate user's home directory automatically")
-	flags.Uint("minimum-password-length", settings.DefaultMinimumPasswordLength, "minimum password length for new users")
+	flags.Uint("minimumPasswordLength", settings.DefaultMinimumPasswordLength, "minimum password length for new users")
 	flags.String("shell", "", "shell command to which other commands should be appended")
 
+	// NB: these are string so they can be presented as octal in the help text
+	// as that's the conventional representation for modes in Unix.
+	flags.String("fileMode", fmt.Sprintf("%O", settings.DefaultFileMode), "mode bits that new files are created with")
+	flags.String("dirMode", fmt.Sprintf("%O", settings.DefaultDirMode), "mode bits that new directories are created with")
+
 	flags.String("auth.method", string(auth.MethodJSONAuth), "authentication type")
 	flags.String("auth.header", "", "HTTP header for auth.method=proxy")
 	flags.String("auth.command", "", "command for auth.method=hook")
@@ -50,14 +56,13 @@ func addConfigFlags(flags *pflag.FlagSet) {
 	flags.String("branding.files", "", "path to directory with images and custom styles")
 	flags.Bool("branding.disableExternal", false, "disable external links such as GitHub links")
 	flags.Bool("branding.disableUsedPercentage", false, "disable used disk percentage graph")
-	// NB: these are string so they can be presented as octal in the help text
+
-	// as that's the conventional representation for modes in Unix.
+	flags.Uint64("tus.chunkSize", settings.DefaultTusChunkSize, "the tus chunk size")
-	flags.String("file-mode", fmt.Sprintf("%O", settings.DefaultFileMode), "Mode bits that new files are created with")
+	flags.Uint16("tus.retryCount", settings.DefaultTusRetryCount, "the tus retry count")
-	flags.String("dir-mode", fmt.Sprintf("%O", settings.DefaultDirMode), "Mode bits that new directories are created with")
 }
 
 func getAuthMethod(flags *pflag.FlagSet, defaults ...interface{}) (settings.AuthMethod, map[string]interface{}, error) {
-	methodStr, err := getString(flags, "auth.method")
+	methodStr, err := flags.GetString("auth.method")
 	if err != nil {
 		return "", nil, err
 	}
@@ -88,7 +93,7 @@ func getAuthMethod(flags *pflag.FlagSet, defaults ...interface{}) (settings.Auth
 }
 
 func getProxyAuth(flags *pflag.FlagSet, defaultAuther map[string]interface{}) (auth.Auther, error) {
-	header, err := getString(flags, "auth.header")
+	header, err := flags.GetString("auth.header")
 	if err != nil {
 		return nil, err
 	}
@@ -110,15 +115,17 @@ func getNoAuth() auth.Auther {
 
 func getJSONAuth(flags *pflag.FlagSet, defaultAuther map[string]interface{}) (auth.Auther, error) {
 	jsonAuth := &auth.JSONAuth{}
-	host, err := getString(flags, "recaptcha.host")
+	host, err := flags.GetString("recaptcha.host")
 	if err != nil {
 		return nil, err
 	}
-	key, err := getString(flags, "recaptcha.key")
+
+	key, err := flags.GetString("recaptcha.key")
 	if err != nil {
 		return nil, err
 	}
-	secret, err := getString(flags, "recaptcha.secret")
+
+	secret, err := flags.GetString("recaptcha.secret")
 	if err != nil {
 		return nil, err
 	}
@@ -146,11 +153,10 @@ func getJSONAuth(flags *pflag.FlagSet, defaultAuther map[string]interface{}) (au
 }
 
 func getHookAuth(flags *pflag.FlagSet, defaultAuther map[string]interface{}) (auth.Auther, error) {
-	command, err := getString(flags, "auth.command")
+	command, err := flags.GetString("auth.command")
 	if err != nil {
 		return nil, err
 	}
-
 	if command == "" {
 		command = defaultAuther["command"].(string)
 	}
@@ -198,6 +204,7 @@ func printSettings(ser *settings.Server, set *settings.Settings, auther auth.Aut
 	fmt.Fprintf(w, "Minimum Password Length:\t%d\n", set.MinimumPasswordLength)
 	fmt.Fprintf(w, "Auth Method:\t%s\n", set.AuthMethod)
 	fmt.Fprintf(w, "Shell:\t%s\t\n", strings.Join(set.Shell, " "))
+
 	fmt.Fprintln(w, "\nBranding:")
 	fmt.Fprintf(w, "\tName:\t%s\n", set.Branding.Name)
 	fmt.Fprintf(w, "\tFiles override:\t%s\n", set.Branding.Files)
@@ -205,6 +212,7 @@ func printSettings(ser *settings.Server, set *settings.Settings, auther auth.Aut
 	fmt.Fprintf(w, "\tDisable used disk percentage graph:\t%t\n", set.Branding.DisableUsedPercentage)
 	fmt.Fprintf(w, "\tColor:\t%s\n", set.Branding.Color)
 	fmt.Fprintf(w, "\tTheme:\t%s\n", set.Branding.Theme)
+
 	fmt.Fprintln(w, "\nServer:")
 	fmt.Fprintf(w, "\tLog:\t%s\n", ser.Log)
 	fmt.Fprintf(w, "\tPort:\t%s\n", ser.Port)
@@ -214,7 +222,16 @@ func printSettings(ser *settings.Server, set *settings.Settings, auther auth.Aut
 	fmt.Fprintf(w, "\tAddress:\t%s\n", ser.Address)
 	fmt.Fprintf(w, "\tTLS Cert:\t%s\n", ser.TLSCert)
 	fmt.Fprintf(w, "\tTLS Key:\t%s\n", ser.TLSKey)
+	fmt.Fprintf(w, "\tToken Expiration Time:\t%s\n", ser.TokenExpirationTime)
 	fmt.Fprintf(w, "\tExec Enabled:\t%t\n", ser.EnableExec)
+	fmt.Fprintf(w, "\tThumbnails Enabled:\t%t\n", ser.EnableThumbnails)
+	fmt.Fprintf(w, "\tResize Preview:\t%t\n", ser.ResizePreview)
+	fmt.Fprintf(w, "\tType Detection by Header:\t%t\n", ser.TypeDetectionByHeader)
+
+	fmt.Fprintln(w, "\nTUS:")
+	fmt.Fprintf(w, "\tChunk size:\t%d\n", set.Tus.ChunkSize)
+	fmt.Fprintf(w, "\tRetry count:\t%d\n", set.Tus.RetryCount)
+
 	fmt.Fprintln(w, "\nDefaults:")
 	fmt.Fprintf(w, "\tScope:\t%s\n", set.Defaults.Scope)
 	fmt.Fprintf(w, "\tHideDotfiles:\t%t\n", set.Defaults.HideDotfiles)
@@ -225,9 +242,11 @@ func printSettings(ser *settings.Server, set *settings.Settings, auther auth.Aut
 	fmt.Fprintf(w, "\tDirectory Creation Mode:\t%O\n", set.DirMode)
 	fmt.Fprintf(w, "\tCommands:\t%s\n", strings.Join(set.Defaults.Commands, " "))
 	fmt.Fprintf(w, "\tAce editor syntax highlighting theme:\t%s\n", set.Defaults.AceEditorTheme)
+
 	fmt.Fprintf(w, "\tSorting:\n")
 	fmt.Fprintf(w, "\t\tBy:\t%s\n", set.Defaults.Sorting.By)
 	fmt.Fprintf(w, "\t\tAsc:\t%t\n", set.Defaults.Sorting.Asc)
+
 	fmt.Fprintf(w, "\tPermissions:\n")
 	fmt.Fprintf(w, "\t\tAdmin:\t%t\n", set.Defaults.Perm.Admin)
 	fmt.Fprintf(w, "\t\tExecute:\t%t\n", set.Defaults.Perm.Execute)
@@ -237,6 +256,7 @@ func printSettings(ser *settings.Server, set *settings.Settings, auther auth.Aut
 	fmt.Fprintf(w, "\t\tDelete:\t%t\n", set.Defaults.Perm.Delete)
 	fmt.Fprintf(w, "\t\tShare:\t%t\n", set.Defaults.Perm.Share)
 	fmt.Fprintf(w, "\t\tDownload:\t%t\n", set.Defaults.Perm.Download)
+
 	w.Flush()
 
 	b, err := json.MarshalIndent(auther, "", "  ")
@@ -246,3 +266,118 @@ func printSettings(ser *settings.Server, set *settings.Settings, auther auth.Aut
 	fmt.Printf("\nAuther configuration (raw):\n\n%s\n\n", string(b))
 	return nil
 }
+
+func getSettings(flags *pflag.FlagSet, set *settings.Settings, ser *settings.Server, auther auth.Auther, all bool) (auth.Auther, error) {
+	errs := []error{}
+	hasAuth := false
+
+	visit := func(flag *pflag.Flag) {
+		var err error
+
+		switch flag.Name {
+		// Server flags from [addServerFlags]
+		case "address":
+			ser.Address, err = flags.GetString(flag.Name)
+		case "log":
+			ser.Log, err = flags.GetString(flag.Name)
+		case "port":
+			ser.Port, err = flags.GetString(flag.Name)
+		case "cert":
+			ser.TLSCert, err = flags.GetString(flag.Name)
+		case "key":
+			ser.TLSKey, err = flags.GetString(flag.Name)
+		case "root":
+			ser.Root, err = flags.GetString(flag.Name)
+		case "socket":
+			ser.Socket, err = flags.GetString(flag.Name)
+		case "baseURL":
+			ser.BaseURL, err = flags.GetString(flag.Name)
+		case "tokenExpirationTime":
+			ser.TokenExpirationTime, err = flags.GetString(flag.Name)
+		case "disableThumbnails":
+			ser.EnableThumbnails, err = flags.GetBool(flag.Name)
+			ser.EnableThumbnails = !ser.EnableThumbnails
+		case "disablePreviewResize":
+			ser.ResizePreview, err = flags.GetBool(flag.Name)
+			ser.ResizePreview = !ser.ResizePreview
+		case "disableExec":
+			ser.EnableExec, err = flags.GetBool(flag.Name)
+			ser.EnableExec = !ser.EnableExec
+		case "disableTypeDetectionByHeader":
+			ser.TypeDetectionByHeader, err = flags.GetBool(flag.Name)
+			ser.TypeDetectionByHeader = !ser.TypeDetectionByHeader
+
+		// Settings flags from [addConfigFlags]
+		case "signup":
+			set.Signup, err = flags.GetBool(flag.Name)
+		case "hideLoginButton":
+			set.HideLoginButton, err = flags.GetBool(flag.Name)
+		case "createUserDir":
+			set.CreateUserDir, err = flags.GetBool(flag.Name)
+		case "minimumPasswordLength":
+			set.MinimumPasswordLength, err = flags.GetUint(flag.Name)
+		case "shell":
+			var shell string
+			shell, err = flags.GetString(flag.Name)
+			if err == nil {
+				set.Shell = convertCmdStrToCmdArray(shell)
+			}
+		case "fileMode":
+			set.FileMode, err = getAndParseFileMode(flags, flag.Name)
+		case "dirMode":
+			set.DirMode, err = getAndParseFileMode(flags, flag.Name)
+		case "auth.method":
+			hasAuth = true
+		case "branding.name":
+			set.Branding.Name, err = flags.GetString(flag.Name)
+		case "branding.theme":
+			set.Branding.Theme, err = flags.GetString(flag.Name)
+		case "branding.color":
+			set.Branding.Color, err = flags.GetString(flag.Name)
+		case "branding.files":
+			set.Branding.Files, err = flags.GetString(flag.Name)
+		case "branding.disableExternal":
+			set.Branding.DisableExternal, err = flags.GetBool(flag.Name)
+		case "branding.disableUsedPercentage":
+			set.Branding.DisableUsedPercentage, err = flags.GetBool(flag.Name)
+		case "tus.chunkSize":
+			set.Tus.ChunkSize, err = flags.GetUint64(flag.Name)
+		case "tus.retryCount":
+			set.Tus.RetryCount, err = flags.GetUint16(flag.Name)
+		}
+
+		if err != nil {
+			errs = append(errs, err)
+		}
+	}
+
+	if all {
+		flags.VisitAll(visit)
+	} else {
+		flags.Visit(visit)
+	}
+
+	err := nerrors.Join(errs...)
+	if err != nil {
+		return nil, err
+	}
+
+	err = getUserDefaults(flags, &set.Defaults, all)
+	if err != nil {
+		return nil, err
+	}
+
+	if all {
+		set.AuthMethod, auther, err = getAuthentication(flags)
+		if err != nil {
+			return nil, err
+		}
+	} else {
+		set.AuthMethod, auther, err = getAuthentication(flags, hasAuth, set, auther)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	return auther, nil
+}

cmd/config_import.go

@@ -37,7 +37,7 @@ The path must be for a json or yaml file.`,
 	RunE: python(func(_ *cobra.Command, args []string, d *pythonData) error {
 		var key []byte
 		var err error
-		if d.hadDB {
+		if d.databaseExisted {
 			settings, settingErr := d.store.Settings.Get()
 			if settingErr != nil {
 				return settingErr
@@ -104,7 +104,7 @@ The path must be for a json or yaml file.`,
 		}
 
 		return printSettings(file.Server, file.Settings, auther)
-	}, pythonConfig{allowNoDB: true}),
+	}, pythonConfig{allowsNoDatabase: true}),
 }
 
 func getAuther(sample auth.Auther, data interface{}) (interface{}, error) {

cmd/config_init.go

@@ -23,156 +23,29 @@ to the defaults when creating new users and you don't
 override the options.`,
 	Args: cobra.NoArgs,
 	RunE: python(func(cmd *cobra.Command, _ []string, d *pythonData) error {
-		defaults := settings.UserDefaults{}
 		flags := cmd.Flags()
-		err := getUserDefaults(flags, &defaults, true)
+
-		if err != nil {
+		// Initialize config
-			return err
+		s := &settings.Settings{Key: generateKey()}
-		}
+		ser := &settings.Server{}
-		authMethod, auther, err := getAuthentication(flags)
+
+		// Fill config with options
+		auther, err := getSettings(flags, s, ser, nil, true)
 		if err != nil {
 			return err
 		}
 
-		key := generateKey()
+		// Save updated config
-
-		signup, err := getBool(flags, "signup")
-		if err != nil {
-			return err
-		}
-
-		hideLoginButton, err := getBool(flags, "hide-login-button")
-		if err != nil {
-			return err
-		}
-
-		createUserDir, err := getBool(flags, "create-user-dir")
-		if err != nil {
-			return err
-		}
-
-		minLength, err := getUint(flags, "minimum-password-length")
-		if err != nil {
-			return err
-		}
-
-		shell, err := getString(flags, "shell")
-		if err != nil {
-			return err
-		}
-
-		brandingName, err := getString(flags, "branding.name")
-		if err != nil {
-			return err
-		}
-
-		brandingDisableExternal, err := getBool(flags, "branding.disableExternal")
-		if err != nil {
-			return err
-		}
-
-		brandingDisableUsedPercentage, err := getBool(flags, "branding.disableUsedPercentage")
-		if err != nil {
-			return err
-		}
-
-		brandingTheme, err := getString(flags, "branding.theme")
-		if err != nil {
-			return err
-		}
-
-		brandingFiles, err := getString(flags, "branding.files")
-		if err != nil {
-			return err
-		}
-
-		s := &settings.Settings{
-			Key:                   key,
-			Signup:                signup,
-			HideLoginButton:       hideLoginButton,
-			CreateUserDir:         createUserDir,
-			MinimumPasswordLength: minLength,
-			Shell:                 convertCmdStrToCmdArray(shell),
-			AuthMethod:            authMethod,
-			Defaults:              defaults,
-			Branding: settings.Branding{
-				Name:                  brandingName,
-				DisableExternal:       brandingDisableExternal,
-				DisableUsedPercentage: brandingDisableUsedPercentage,
-				Theme:                 brandingTheme,
-				Files:                 brandingFiles,
-			},
-		}
-
-		s.FileMode, err = getMode(flags, "file-mode")
-		if err != nil {
-			return err
-		}
-
-		s.DirMode, err = getMode(flags, "dir-mode")
-		if err != nil {
-			return err
-		}
-
-		address, err := getString(flags, "address")
-		if err != nil {
-			return err
-		}
-
-		socket, err := getString(flags, "socket")
-		if err != nil {
-			return err
-		}
-
-		root, err := getString(flags, "root")
-		if err != nil {
-			return err
-		}
-
-		baseURL, err := getString(flags, "baseurl")
-		if err != nil {
-			return err
-		}
-
-		tlsKey, err := getString(flags, "key")
-		if err != nil {
-			return err
-		}
-
-		cert, err := getString(flags, "cert")
-		if err != nil {
-			return err
-		}
-
-		port, err := getString(flags, "port")
-		if err != nil {
-			return err
-		}
-
-		log, err := getString(flags, "log")
-		if err != nil {
-			return err
-		}
-
-		ser := &settings.Server{
-			Address: address,
-			Socket:  socket,
-			Root:    root,
-			BaseURL: baseURL,
-			TLSKey:  tlsKey,
-			TLSCert: cert,
-			Port:    port,
-			Log:     log,
-		}
-
 		err = d.store.Settings.Save(s)
 		if err != nil {
 			return err
 		}
+
 		err = d.store.Settings.SaveServer(ser)
 		if err != nil {
 			return err
 		}
+
 		err = d.store.Auth.Save(auther)
 		if err != nil {
 			return err
@@ -184,5 +57,5 @@ Now add your first user via 'filebrowser users add' and then you just
 need to call the main command to boot up the server.
 `)
 		return printSettings(ser, s, auther)
-	}, pythonConfig{noDB: true}),
+	}, pythonConfig{expectsNoDatabase: true}),
 }

cmd/config_set.go

@@ -2,7 +2,6 @@ package cmd
 
 import (
 	"github.com/spf13/cobra"
-	"github.com/spf13/pflag"
 )
 
 func init() {
@@ -18,6 +17,8 @@ you want to change. Other options will remain unchanged.`,
 	Args: cobra.NoArgs,
 	RunE: python(func(cmd *cobra.Command, _ []string, d *pythonData) error {
 		flags := cmd.Flags()
+
+		// Read existing config
 		set, err := d.store.Settings.Get()
 		if err != nil {
 			return err
@@ -28,90 +29,28 @@ you want to change. Other options will remain unchanged.`,
 			return err
 		}
 
-		hasAuth := false
-		flags.Visit(func(flag *pflag.Flag) {
-			if err != nil {
-				return
-			}
-			switch flag.Name {
-			case "baseurl":
-				ser.BaseURL, err = getString(flags, flag.Name)
-			case "root":
-				ser.Root, err = getString(flags, flag.Name)
-			case "socket":
-				ser.Socket, err = getString(flags, flag.Name)
-			case "cert":
-				ser.TLSCert, err = getString(flags, flag.Name)
-			case "key":
-				ser.TLSKey, err = getString(flags, flag.Name)
-			case "address":
-				ser.Address, err = getString(flags, flag.Name)
-			case "port":
-				ser.Port, err = getString(flags, flag.Name)
-			case "log":
-				ser.Log, err = getString(flags, flag.Name)
-			case "hide-login-button":
-				set.HideLoginButton, err = getBool(flags, flag.Name)
-			case "signup":
-				set.Signup, err = getBool(flags, flag.Name)
-			case "auth.method":
-				hasAuth = true
-			case "shell":
-				var shell string
-				shell, err = getString(flags, flag.Name)
-				set.Shell = convertCmdStrToCmdArray(shell)
-			case "create-user-dir":
-				set.CreateUserDir, err = getBool(flags, flag.Name)
-			case "minimum-password-length":
-				set.MinimumPasswordLength, err = getUint(flags, flag.Name)
-			case "branding.name":
-				set.Branding.Name, err = getString(flags, flag.Name)
-			case "branding.color":
-				set.Branding.Color, err = getString(flags, flag.Name)
-			case "branding.theme":
-				set.Branding.Theme, err = getString(flags, flag.Name)
-			case "branding.disableExternal":
-				set.Branding.DisableExternal, err = getBool(flags, flag.Name)
-			case "branding.disableUsedPercentage":
-				set.Branding.DisableUsedPercentage, err = getBool(flags, flag.Name)
-			case "branding.files":
-				set.Branding.Files, err = getString(flags, flag.Name)
-			case "file-mode":
-				set.FileMode, err = getMode(flags, flag.Name)
-			case "dir-mode":
-				set.DirMode, err = getMode(flags, flag.Name)
-			}
-		})
-
-		if err != nil {
-			return err
-		}
-
-		err = getUserDefaults(flags, &set.Defaults, false)
-		if err != nil {
-			return err
-		}
-
-		// read the defaults
 		auther, err := d.store.Auth.Get(set.AuthMethod)
 		if err != nil {
 			return err
 		}
 
-		// check if there are new flags for existing auth method
+		// Get updated config
-		set.AuthMethod, auther, err = getAuthentication(flags, hasAuth, set, auther)
+		auther, err = getSettings(flags, set, ser, auther, false)
 		if err != nil {
 			return err
 		}
 
+		// Save updated config
 		err = d.store.Auth.Save(auther)
 		if err != nil {
 			return err
 		}
+
 		err = d.store.Settings.Save(set)
 		if err != nil {
 			return err
 		}
+
 		err = d.store.Settings.SaveServer(ser)
 		if err != nil {
 			return err

cmd/docs.go

@@ -3,36 +3,18 @@ package cmd
 import (
 	"bytes"
 	"fmt"
-	"io"
 	"os"
-	"path/filepath"
+	"path"
-	"sort"
+	"regexp"
 	"strings"
 
 	"github.com/spf13/cobra"
-	"github.com/spf13/pflag"
+	"github.com/spf13/cobra/doc"
 )
 
 func init() {
 	rootCmd.AddCommand(docsCmd)
-	docsCmd.Flags().StringP("path", "p", "./docs", "path to save the docs")
+	docsCmd.Flags().String("out", "www/docs/cli", "directory to write the docs to")
-}
-
-func printToc(names []string) {
-	for i, name := range names {
-		name = strings.TrimSuffix(name, filepath.Ext(name))
-		name = strings.ReplaceAll(name, "-", " ")
-		names[i] = name
-	}
-
-	sort.Strings(names)
-
-	toc := ""
-	for _, name := range names {
-		toc += "* [" + name + "](cli/" + strings.ReplaceAll(name, " ", "-") + ".md)\n"
-	}
-
-	fmt.Println(toc)
 }
 
 var docsCmd = &cobra.Command{
@@ -40,115 +22,61 @@ var docsCmd = &cobra.Command{
 	Hidden: true,
 	Args:   cobra.NoArgs,
 	RunE: func(cmd *cobra.Command, _ []string) error {
-		dir, err := getString(cmd.Flags(), "path")
+		outputDir, err := cmd.Flags().GetString("out")
 		if err != nil {
 			return err
 		}
 
-		err = generateDocs(rootCmd, dir)
+		tempDir, err := os.MkdirTemp(os.TempDir(), "filebrowser-docs-")
 		if err != nil {
 			return err
 		}
-		names := []string{}
+		defer os.RemoveAll(tempDir)
 
-		err = filepath.Walk(dir, func(_ string, info os.FileInfo, err error) error {
+		rootCmd.Root().DisableAutoGenTag = true
-			if err != nil || info.IsDir() {
-				return err
-			}
 
-			if !strings.HasPrefix(info.Name(), "filebrowser") {
+		err = doc.GenMarkdownTreeCustom(cmd.Root(), tempDir, func(f string) string {
-				return nil
+			return ""
-			}
+		}, func(s string) string {
-
+			return s
-			names = append(names, info.Name())
-			return nil
 		})
 		if err != nil {
 			return err
 		}
 
-		printToc(names)
+		entries, err := os.ReadDir(tempDir)
-		return nil
-	},
-}
-
-func generateDocs(cmd *cobra.Command, dir string) error {
-	for _, c := range cmd.Commands() {
-		if !c.IsAvailableCommand() || c.IsAdditionalHelpTopicCommand() {
-			continue
-		}
-
-		err := generateDocs(c, dir)
 		if err != nil {
 			return err
 		}
-	}
 
-	basename := strings.ReplaceAll(cmd.CommandPath(), " ", "-") + ".md"
+		headerRegex := regexp.MustCompile(`(?m)^(##)(.*)$`)
-	filename := filepath.Join(dir, basename)
+		linkRegex := regexp.MustCompile(`\(filebrowser(.*)\.md\)`)
-	f, err := os.Create(filename)
+
-	if err != nil {
+		fmt.Println("Generated Documents:")
-		return err
+
-	}
+		for _, entry := range entries {
-	defer f.Close()
+			srcPath := path.Join(tempDir, entry.Name())
-	return generateMarkdown(cmd, f)
+			dstPath := path.Join(outputDir, strings.ReplaceAll(entry.Name(), "_", "-"))
-}
+
-
+			data, err := os.ReadFile(srcPath)
-func generateMarkdown(cmd *cobra.Command, w io.Writer) error {
+			if err != nil {
-	cmd.InitDefaultHelpCmd()
+				return err
-	cmd.InitDefaultHelpFlag()
+			}
-
+
-	buf := new(bytes.Buffer)
+			data = headerRegex.ReplaceAll(data, []byte("#$2"))
-	name := cmd.CommandPath()
+			data = linkRegex.ReplaceAllFunc(data, func(b []byte) []byte {
-
+				return bytes.ReplaceAll(b, []byte("_"), []byte("-"))
-	short := cmd.Short
+			})
-	long := cmd.Long
+			data = bytes.ReplaceAll(data, []byte("## SEE ALSO"), []byte("## See Also"))
-	if long == "" {
+
-		long = short
+			err = os.WriteFile(dstPath, data, 0666)
-	}
+			if err != nil {
-
+				return err
-	buf.WriteString("---\ndescription: " + short + "\n---\n\n")
+			}
-	buf.WriteString("# " + name + "\n\n")
+
-	buf.WriteString("## Synopsis\n\n")
+			fmt.Println("- " + dstPath)
-	buf.WriteString(long + "\n\n")
+		}
-
+
-	if cmd.Runnable() {
+		return nil
-		_, _ = fmt.Fprintf(buf, "```\n%s\n```\n\n", cmd.UseLine())
+	},
-	}
-
-	if cmd.Example != "" {
-		buf.WriteString("## Examples\n\n")
-		_, _ = fmt.Fprintf(buf, "```\n%s\n```\n\n", cmd.Example)
-	}
-
-	printOptions(buf, cmd)
-	_, err := buf.WriteTo(w)
-	return err
-}
-
-func generateFlagsTable(fs *pflag.FlagSet, buf io.StringWriter) {
-	_, _ = buf.WriteString("| Name | Shorthand | Usage |\n")
-	_, _ = buf.WriteString("|------|-----------|-------|\n")
-
-	fs.VisitAll(func(f *pflag.Flag) {
-		_, _ = buf.WriteString("|" + f.Name + "|" + f.Shorthand + "|" + f.Usage + "|\n")
-	})
-}
-
-func printOptions(buf *bytes.Buffer, cmd *cobra.Command) {
-	flags := cmd.NonInheritedFlags()
-	flags.SetOutput(buf)
-	if flags.HasAvailableFlags() {
-		buf.WriteString("## Options\n\n")
-		generateFlagsTable(flags, buf)
-		buf.WriteString("\n")
-	}
-
-	parentFlags := cmd.InheritedFlags()
-	parentFlags.SetOutput(buf)
-	if parentFlags.HasAvailableFlags() {
-		buf.WriteString("### Inherited\n\n")
-		generateFlagsTable(parentFlags, buf)
-		buf.WriteString("\n")
-	}
 }

cmd/root.go

@@ -13,20 +13,17 @@ import (
 	"os"
 	"os/signal"
 	"path/filepath"
-	"strings"
 	"syscall"
 	"time"
 
-	homedir "github.com/mitchellh/go-homedir"
 	"github.com/spf13/afero"
 	"github.com/spf13/cobra"
 	"github.com/spf13/pflag"
-	v "github.com/spf13/viper"
+	"github.com/spf13/viper"
 	lumberjack "gopkg.in/natefinch/lumberjack.v2"
 
 	"github.com/filebrowser/filebrowser/v2/auth"
 	"github.com/filebrowser/filebrowser/v2/diskcache"
-	fbErrors "github.com/filebrowser/filebrowser/v2/errors"
 	"github.com/filebrowser/filebrowser/v2/frontend"
 	fbhttp "github.com/filebrowser/filebrowser/v2/http"
 	"github.com/filebrowser/filebrowser/v2/img"
@@ -36,28 +33,67 @@ import (
 )
 
 var (
-	cfgFile string
+	flagNamesMigrations = map[string]string{
+		"file-mode":                        "fileMode",
+		"dir-mode":                         "dirMode",
+		"hide-login-button":                "hideLoginButton",
+		"create-user-dir":                  "createUserDir",
+		"minimum-password-length":          "minimumPasswordLength",
+		"socket-perm":                      "socketPerm",
+		"disable-thumbnails":               "disableThumbnails",
+		"disable-preview-resize":           "disablePreviewResize",
+		"disable-exec":                     "disableExec",
+		"disable-type-detection-by-header": "disableTypeDetectionByHeader",
+		"img-processors":                   "imageProcessors",
+		"cache-dir":                        "cacheDir",
+		"token-expiration-time":            "tokenExpirationTime",
+		"baseurl":                          "baseURL",
+	}
+
+	warnedFlags = map[string]bool{}
 )
 
+// TODO(remove): remove after July 2026.
+func migrateFlagNames(f *pflag.FlagSet, name string) pflag.NormalizedName {
+	if newName, ok := flagNamesMigrations[name]; ok {
+
+		if !warnedFlags[name] {
+			warnedFlags[name] = true
+			fmt.Printf("WARNING: Flag --%s has been deprecated, use --%s instead\n", name, newName)
+		}
+
+		name = newName
+	}
+
+	return pflag.NormalizedName(name)
+}
+
 func init() {
-	cobra.OnInitialize(initConfig)
 	rootCmd.SilenceUsage = true
+	rootCmd.SetGlobalNormalizationFunc(migrateFlagNames)
+
 	cobra.MousetrapHelpText = ""
 
 	rootCmd.SetVersionTemplate("File Browser version {{printf \"%s\" .Version}}\n")
 
-	flags := rootCmd.Flags()
+	// Flags available across the whole program
 	persistent := rootCmd.PersistentFlags()
-
+	persistent.StringP("config", "c", "", "config file path")
-	persistent.StringVarP(&cfgFile, "config", "c", "", "config file path")
 	persistent.StringP("database", "d", "./filebrowser.db", "database path")
-	flags.Bool("noauth", false, "use the noauth auther when using quick setup")
-	flags.String("username", "admin", "username for the first user when using quick config")
-	flags.String("password", "", "hashed password for the first user when using quick config")
 
+	// Runtime flags for the root command
+	flags := rootCmd.Flags()
+	flags.Bool("noauth", false, "use the noauth auther when using quick setup")
+	flags.String("username", "admin", "username for the first user when using quick setup")
+	flags.String("password", "", "hashed password for the first user when using quick setup")
+	flags.Uint32("socketPerm", 0666, "unix socket file permissions")
+	flags.String("cacheDir", "", "file cache directory (disabled if empty)")
+	flags.Int("imageProcessors", 4, "image processors count")
 	addServerFlags(flags)
 }
 
+// addServerFlags adds server related flags to the given FlagSet. These flags are available
+// in both the root command, config set and config init commands.
 func addServerFlags(flags *pflag.FlagSet) {
 	flags.StringP("address", "a", "127.0.0.1", "address to listen on")
 	flags.StringP("log", "l", "stdout", "log output")
@@ -66,15 +102,12 @@ func addServerFlags(flags *pflag.FlagSet) {
 	flags.StringP("key", "k", "", "tls key")
 	flags.StringP("root", "r", ".", "root to prepend to relative paths")
 	flags.String("socket", "", "socket to listen to (cannot be used with address, port, cert nor key flags)")
-	flags.Uint32("socket-perm", 0666, "unix socket file permissions")
+	flags.StringP("baseURL", "b", "", "base url")
-	flags.StringP("baseurl", "b", "", "base url")
+	flags.String("tokenExpirationTime", "2h", "user session timeout")
-	flags.String("cache-dir", "", "file cache directory (disabled if empty)")
+	flags.Bool("disableThumbnails", false, "disable image thumbnails")
-	flags.String("token-expiration-time", "2h", "user session timeout")
+	flags.Bool("disablePreviewResize", false, "disable resize of image previews")
-	flags.Int("img-processors", 4, "image processors count") //nolint:mnd
+	flags.Bool("disableExec", true, "disables Command Runner feature")
-	flags.Bool("disable-thumbnails", false, "disable image thumbnails")
+	flags.Bool("disableTypeDetectionByHeader", false, "disables type detection by reading file headers")
-	flags.Bool("disable-preview-resize", false, "disable resize of image previews")
-	flags.Bool("disable-exec", true, "disables Command Runner feature")
-	flags.Bool("disable-type-detection-by-header", false, "disables type detection by reading file headers")
 }
 
 var rootCmd = &cobra.Command{
@@ -89,12 +122,14 @@ it. Don't worry: you don't need to setup a separate database server.
 We're using Bolt DB which is a single file database and all managed
 by ourselves.
 
-For this specific command, all the flags you have available (except
+For this command, all flags are available as environmental variables,
-"config" for the configuration file), can be given either through
+except for "--config", which specifies the configuration file to use.
-environment variables or configuration files.
+The environment variables are prefixed by "FB_" followed by the flag name in
+UPPER_SNAKE_CASE. For example, the flag "--disablePreviewResize" is available
+as FB_DISABLE_PREVIEW_RESIZE.
 
-If you don't set "config", it will look for a configuration file called
+If "--config" is not specified, File Browser will look for a configuration
-.filebrowser.{json, toml, yaml, yml} in the following directories:
+file named .filebrowser.{json, toml, yaml, yml} in the following directories:
 
 - ./
 - $HOME/
@@ -102,52 +137,40 @@ If you don't set "config", it will look for a configuration file called
 
 The precedence of the configuration values are as follows:
 
-- flags
+- Flags
-- environment variables
+- Environment variables
-- configuration file
+- Configuration file
-- database values
+- Database values
-- defaults
+- Defaults
-
-The environment variables are prefixed by "FB_" followed by the option
-name in caps. So to set "database" via an env variable, you should
-set FB_DATABASE.
 
 Also, if the database path doesn't exist, File Browser will enter into
 the quick setup mode and a new database will be bootstrapped and a new
 user created with the credentials from options "username" and "password".`,
 	RunE: python(func(cmd *cobra.Command, _ []string, d *pythonData) error {
-		log.Println(cfgFile)
+		if !d.databaseExisted {
-
+			err := quickSetup(*d)
-		if !d.hadDB {
-			err := quickSetup(cmd.Flags(), *d)
 			if err != nil {
 				return err
 			}
 		}
 
 		// build img service
-		workersCount, err := cmd.Flags().GetInt("img-processors")
+		imgWorkersCount := d.viper.GetInt("imageProcessors")
-		if err != nil {
+		if imgWorkersCount < 1 {
-			return err
-		}
-		if workersCount < 1 {
 			return errors.New("image resize workers count could not be < 1")
 		}
-		imgSvc := img.New(workersCount)
+		imageService := img.New(imgWorkersCount)
 
 		var fileCache diskcache.Interface = diskcache.NewNoOp()
-		cacheDir, err := cmd.Flags().GetString("cache-dir")
+		cacheDir := d.viper.GetString("cacheDir")
-		if err != nil {
-			return err
-		}
 		if cacheDir != "" {
-			if err := os.MkdirAll(cacheDir, 0700); err != nil { //nolint:govet
+			if err := os.MkdirAll(cacheDir, 0700); err != nil {
 				return fmt.Errorf("can't make directory %s: %w", cacheDir, err)
 			}
 			fileCache = diskcache.New(afero.NewOsFs(), cacheDir)
 		}
 
-		server, err := getRunParams(cmd.Flags(), d.store)
+		server, err := getServerSettings(d.viper, d.store)
 		if err != nil {
 			return err
 		}
@@ -169,16 +192,13 @@ user created with the credentials from options "username" and "password".`,
 			if err != nil {
 				return err
 			}
-			socketPerm, err := cmd.Flags().GetUint32("socket-perm") //nolint:govet
+			socketPerm := d.viper.GetUint32("socketPerm")
-			if err != nil {
-				return err
-			}
 			err = os.Chmod(server.Socket, os.FileMode(socketPerm))
 			if err != nil {
 				return err
 			}
 		case server.TLSKey != "" && server.TLSCert != "":
-			cer, err := tls.LoadX509KeyPair(server.TLSCert, server.TLSKey) //nolint:govet
+			cer, err := tls.LoadX509KeyPair(server.TLSCert, server.TLSKey)
 			if err != nil {
 				return err
 			}
@@ -201,7 +221,7 @@ user created with the credentials from options "username" and "password".`,
 			panic(err)
 		}
 
-		handler, err := fbhttp.NewHandler(imgSvc, fileCache, d.store, server, assetsFs)
+		handler, err := fbhttp.NewHandler(imageService, fileCache, d.store, server, assetsFs)
 		if err != nil {
 			return err
 		}
@@ -233,7 +253,7 @@ user created with the credentials from options "username" and "password".`,
 		sig := <-sigc
 		log.Println("Got signal:", sig)
 
-		shutdownCtx, shutdownRelease := context.WithTimeout(context.Background(), 10*time.Second) //nolint:mnd
+		shutdownCtx, shutdownRelease := context.WithTimeout(context.Background(), 10*time.Second)
 		defer shutdownRelease()
 
 		if err := srv.Shutdown(shutdownCtx); err != nil {
@@ -241,66 +261,74 @@ user created with the credentials from options "username" and "password".`,
 		}
 		log.Println("Graceful shutdown complete.")
 
-		switch sig {
+		return nil
-		case syscall.SIGHUP:
+	}, pythonConfig{allowsNoDatabase: true}),
-			d.err = fbErrors.ErrSighup
-		case syscall.SIGINT:
-			d.err = fbErrors.ErrSigint
-		case syscall.SIGQUIT:
-			d.err = fbErrors.ErrSigquit
-		case syscall.SIGTERM:
-			d.err = fbErrors.ErrSigTerm
-		}
-
-		return d.err
-	}, pythonConfig{allowNoDB: true}),
 }
 
-//nolint:gocyclo
+func getServerSettings(v *viper.Viper, st *storage.Storage) (*settings.Server, error) {
-func getRunParams(flags *pflag.FlagSet, st *storage.Storage) (*settings.Server, error) {
 	server, err := st.Settings.GetServer()
 	if err != nil {
 		return nil, err
 	}
 
-	if val, set := getStringParamB(flags, "root"); set {
-		server.Root = val
-	}
-
-	if val, set := getStringParamB(flags, "baseurl"); set {
-		server.BaseURL = val
-	}
-
-	if val, set := getStringParamB(flags, "log"); set {
-		server.Log = val
-	}
-
 	isSocketSet := false
 	isAddrSet := false
 
-	if val, set := getStringParamB(flags, "address"); set {
+	if v.IsSet("address") {
-		server.Address = val
+		server.Address = v.GetString("address")
-		isAddrSet = isAddrSet || set
+		isAddrSet = true
 	}
 
-	if val, set := getStringParamB(flags, "port"); set {
+	if v.IsSet("log") {
-		server.Port = val
+		server.Log = v.GetString("log")
-		isAddrSet = isAddrSet || set
 	}
 
-	if val, set := getStringParamB(flags, "key"); set {
+	if v.IsSet("port") {
-		server.TLSKey = val
+		server.Port = v.GetString("port")
-		isAddrSet = isAddrSet || set
+		isAddrSet = true
 	}
 
-	if val, set := getStringParamB(flags, "cert"); set {
+	if v.IsSet("cert") {
-		server.TLSCert = val
+		server.TLSCert = v.GetString("cert")
-		isAddrSet = isAddrSet || set
+		isAddrSet = true
 	}
 
-	if val, set := getStringParamB(flags, "socket"); set {
+	if v.IsSet("key") {
-		server.Socket = val
+		server.TLSKey = v.GetString("key")
-		isSocketSet = isSocketSet || set
+		isAddrSet = true
+	}
+
+	if v.IsSet("root") {
+		server.Root = v.GetString("root")
+	}
+
+	if v.IsSet("socket") {
+		server.Socket = v.GetString("socket")
+		isSocketSet = true
+	}
+
+	if v.IsSet("baseURL") {
+		server.BaseURL = v.GetString("baseURL")
+	}
+
+	if v.IsSet("tokenExpirationTime") {
+		server.TokenExpirationTime = v.GetString("tokenExpirationTime")
+	}
+
+	if v.IsSet("disableThumbnails") {
+		server.EnableThumbnails = !v.GetBool("disableThumbnails")
+	}
+
+	if v.IsSet("disablePreviewResize") {
+		server.ResizePreview = !v.GetBool("disablePreviewResize")
+	}
+
+	if v.IsSet("disableTypeDetectionByHeader") {
+		server.TypeDetectionByHeader = !v.GetBool("disableTypeDetectionByHeader")
+	}
+
+	if v.IsSet("disableExec") {
+		server.EnableExec = !v.GetBool("disableExec")
 	}
 
 	if isAddrSet && isSocketSet {
@@ -312,18 +340,6 @@ func getRunParams(flags *pflag.FlagSet, st *storage.Storage) (*settings.Server,
 		server.Socket = ""
 	}
 
-	disableThumbnails := getBoolParam(flags, "disable-thumbnails")
-	server.EnableThumbnails = !disableThumbnails
-
-	disablePreviewResize := getBoolParam(flags, "disable-preview-resize")
-	server.ResizePreview = !disablePreviewResize
-
-	disableTypeDetectionByHeader := getBoolParam(flags, "disable-type-detection-by-header")
-	server.TypeDetectionByHeader = !disableTypeDetectionByHeader
-
-	disableExec := getBoolParam(flags, "disable-exec")
-	server.EnableExec = !disableExec
-
 	if server.EnableExec {
 		log.Println("WARNING: Command Runner feature enabled!")
 		log.Println("WARNING: This feature has known security vulnerabilities and should not")
@@ -331,71 +347,9 @@ func getRunParams(flags *pflag.FlagSet, st *storage.Storage) (*settings.Server,
 		log.Println("WARNING: read https://github.com/filebrowser/filebrowser/issues/5199")
 	}
 
-	if val, set := getStringParamB(flags, "token-expiration-time"); set {
-		server.TokenExpirationTime = val
-	}
-
 	return server, nil
 }
 
-// getBoolParamB returns a parameter as a string and a boolean to tell if it is different from the default
-//
-// NOTE: we could simply bind the flags to viper and use IsSet.
-// Although there is a bug on Viper that always returns true on IsSet
-// if a flag is binded. Our alternative way is to manually check
-// the flag and then the value from env/config/gotten by viper.
-// https://github.com/spf13/viper/pull/331
-func getBoolParamB(flags *pflag.FlagSet, key string) (value, ok bool) {
-	value, _ = flags.GetBool(key)
-
-	// If set on Flags, use it.
-	if flags.Changed(key) {
-		return value, true
-	}
-
-	// If set through viper (env, config), return it.
-	if v.IsSet(key) {
-		return v.GetBool(key), true
-	}
-
-	// Otherwise use default value on flags.
-	return value, false
-}
-
-func getBoolParam(flags *pflag.FlagSet, key string) bool {
-	val, _ := getBoolParamB(flags, key)
-	return val
-}
-
-// getStringParamB returns a parameter as a string and a boolean to tell if it is different from the default
-//
-// NOTE: we could simply bind the flags to viper and use IsSet.
-// Although there is a bug on Viper that always returns true on IsSet
-// if a flag is binded. Our alternative way is to manually check
-// the flag and then the value from env/config/gotten by viper.
-// https://github.com/spf13/viper/pull/331
-func getStringParamB(flags *pflag.FlagSet, key string) (string, bool) {
-	value, _ := flags.GetString(key)
-
-	// If set on Flags, use it.
-	if flags.Changed(key) {
-		return value, true
-	}
-
-	// If set through viper (env, config), return it.
-	if v.IsSet(key) {
-		return v.GetString(key), true
-	}
-
-	// Otherwise use default value on flags.
-	return value, false
-}
-
-func getStringParam(flags *pflag.FlagSet, key string) string {
-	val, _ := getStringParamB(flags, key)
-	return val
-}
-
 func setupLog(logMethod string) {
 	switch logMethod {
 	case "stdout":
@@ -414,7 +368,7 @@ func setupLog(logMethod string) {
 	}
 }
 
-func quickSetup(flags *pflag.FlagSet, d pythonData) error {
+func quickSetup(d pythonData) error {
 	log.Println("Performing quick setup")
 
 	set := &settings.Settings{
@@ -428,7 +382,7 @@ func quickSetup(flags *pflag.FlagSet, d pythonData) error {
 			Scope:          ".",
 			Locale:         "en",
 			SingleClick:    false,
-			AceEditorTheme: getStringParam(flags, "defaults.aceEditorTheme"),
+			AceEditorTheme: d.viper.GetString("defaults.aceEditorTheme"),
 			Perm: users.Permissions{
 				Admin:    false,
 				Execute:  true,
@@ -452,7 +406,7 @@ func quickSetup(flags *pflag.FlagSet, d pythonData) error {
 	}
 
 	var err error
-	if _, noauth := getStringParamB(flags, "noauth"); noauth {
+	if d.viper.GetBool("noauth") {
 		set.AuthMethod = auth.MethodNoAuth
 		err = d.store.Auth.Save(&auth.NoAuth{})
 	} else {
@@ -469,13 +423,18 @@ func quickSetup(flags *pflag.FlagSet, d pythonData) error {
 	}
 
 	ser := &settings.Server{
-		BaseURL: getStringParam(flags, "baseurl"),
+		BaseURL:               d.viper.GetString("baseURL"),
-		Port:    getStringParam(flags, "port"),
+		Port:                  d.viper.GetString("port"),
-		Log:     getStringParam(flags, "log"),
+		Log:                   d.viper.GetString("log"),
-		TLSKey:  getStringParam(flags, "key"),
+		TLSKey:                d.viper.GetString("key"),
-		TLSCert: getStringParam(flags, "cert"),
+		TLSCert:               d.viper.GetString("cert"),
-		Address: getStringParam(flags, "address"),
+		Address:               d.viper.GetString("address"),
-		Root:    getStringParam(flags, "root"),
+		Root:                  d.viper.GetString("root"),
+		TokenExpirationTime:   d.viper.GetString("tokenExpirationTime"),
+		EnableThumbnails:      !d.viper.GetBool("disableThumbnails"),
+		ResizePreview:         !d.viper.GetBool("disablePreviewResize"),
+		EnableExec:            !d.viper.GetBool("disableExec"),
+		TypeDetectionByHeader: !d.viper.GetBool("disableTypeDetectionByHeader"),
 	}
 
 	err = d.store.Settings.SaveServer(ser)
@@ -483,8 +442,8 @@ func quickSetup(flags *pflag.FlagSet, d pythonData) error {
 		return err
 	}
 
-	username := getStringParam(flags, "username")
+	username := d.viper.GetString("username")
-	password := getStringParam(flags, "password")
+	password := d.viper.GetString("password")
 
 	if password == "" {
 		var pwd string
@@ -517,33 +476,3 @@ func quickSetup(flags *pflag.FlagSet, d pythonData) error {
 
 	return d.store.Users.Save(user)
 }
-
-func initConfig() {
-	if cfgFile == "" {
-		home, err := homedir.Dir()
-		if err != nil {
-			panic(err)
-		}
-		v.AddConfigPath(".")
-		v.AddConfigPath(home)
-		v.AddConfigPath("/etc/filebrowser/")
-		v.SetConfigName(".filebrowser")
-	} else {
-		v.SetConfigFile(cfgFile)
-	}
-
-	v.SetEnvPrefix("FB")
-	v.AutomaticEnv()
-	v.SetEnvKeyReplacer(strings.NewReplacer(".", "_"))
-	v.SetEnvKeyReplacer(strings.NewReplacer("-", "_"))
-
-	if err := v.ReadInConfig(); err != nil {
-		var configParseError v.ConfigParseError
-		if errors.As(err, &configParseError) {
-			panic(err)
-		}
-		cfgFile = "No config file used"
-	} else {
-		cfgFile = "Using config file: " + v.ConfigFileUsed()
-	}
-}

cmd/rules.go

@@ -69,11 +69,12 @@ func runRules(st *storage.Storage, cmd *cobra.Command, usersFn func(*users.User)
 }
 
 func getUserIdentifier(flags *pflag.FlagSet) (interface{}, error) {
-	id, err := getUint(flags, "id")
+	id, err := flags.GetUint("id")
 	if err != nil {
 		return nil, err
 	}
-	username, err := getString(flags, "username")
+
+	username, err := flags.GetString("username")
 	if err != nil {
 		return nil, err
 	}

cmd/rules_add.go

@@ -22,14 +22,18 @@ var rulesAddCmd = &cobra.Command{
 	Long:  `Add a global rule or user rule.`,
 	Args:  cobra.ExactArgs(1),
 	RunE: python(func(cmd *cobra.Command, args []string, d *pythonData) error {
-		allow, err := getBool(cmd.Flags(), "allow")
+		flags := cmd.Flags()
+
+		allow, err := flags.GetBool("allow")
 		if err != nil {
 			return err
 		}
-		regex, err := getBool(cmd.Flags(), "regex")
+
+		regex, err := flags.GetBool("regex")
 		if err != nil {
 			return err
 		}
+
 		exp := args[0]
 
 		if regex {

cmd/upgrade.go

@@ -1,40 +0,0 @@
-package cmd
-
-import (
-	"github.com/spf13/cobra"
-
-	"github.com/filebrowser/filebrowser/v2/storage/bolt/importer"
-)
-
-func init() {
-	rootCmd.AddCommand(upgradeCmd)
-
-	upgradeCmd.Flags().String("old.database", "", "")
-	upgradeCmd.Flags().String("old.config", "", "")
-	_ = upgradeCmd.MarkFlagRequired("old.database")
-}
-
-var upgradeCmd = &cobra.Command{
-	Use:   "upgrade",
-	Short: "Upgrades an old configuration",
-	Long: `Upgrades an old configuration. This command DOES NOT
-import share links because they are incompatible with
-this version.`,
-	Args: cobra.NoArgs,
-	RunE: func(cmd *cobra.Command, _ []string) error {
-		flags := cmd.Flags()
-		oldDB, err := getString(flags, "old.database")
-		if err != nil {
-			return err
-		}
-		oldConf, err := getString(flags, "old.config")
-		if err != nil {
-			return err
-		}
-		db, err := getString(flags, "database")
-		if err != nil {
-			return err
-		}
-		return importer.Import(oldDB, oldConf, db)
-	},
-}

cmd/users.go

@@ -80,67 +80,66 @@ func addUserFlags(flags *pflag.FlagSet) {
 	flags.Bool("dateFormat", false, "use date format (true for absolute time, false for relative)")
 	flags.Bool("hideDotfiles", false, "hide dotfiles")
 	flags.String("aceEditorTheme", "", "ace editor's syntax highlighting theme for users")
-	flags.Bool("hide-dotfiles", false, "Hide dotfiles by default")
 }
 
-func getViewMode(flags *pflag.FlagSet) (users.ViewMode, error) {
+func getAndParseViewMode(flags *pflag.FlagSet) (users.ViewMode, error) {
-	viewModeStr, err := getString(flags, "viewMode")
+	viewModeStr, err := flags.GetString("viewMode")
 	if err != nil {
 		return "", err
 	}
+
 	viewMode := users.ViewMode(viewModeStr)
 	if viewMode != users.ListViewMode && viewMode != users.MosaicViewMode {
 		return "", errors.New("view mode must be \"" + string(users.ListViewMode) + "\" or \"" + string(users.MosaicViewMode) + "\"")
 	}
+
 	return viewMode, nil
 }
 
-//nolint:gocyclo
 func getUserDefaults(flags *pflag.FlagSet, defaults *settings.UserDefaults, all bool) error {
-	var visitErr error
+	errs := []error{}
+
 	visit := func(flag *pflag.Flag) {
-		if visitErr != nil {
-			return
-		}
 		var err error
 		switch flag.Name {
 		case "scope":
-			defaults.Scope, err = getString(flags, flag.Name)
+			defaults.Scope, err = flags.GetString(flag.Name)
 		case "locale":
-			defaults.Locale, err = getString(flags, flag.Name)
+			defaults.Locale, err = flags.GetString(flag.Name)
 		case "viewMode":
-			defaults.ViewMode, err = getViewMode(flags)
+			defaults.ViewMode, err = getAndParseViewMode(flags)
 		case "singleClick":
-			defaults.SingleClick, err = getBool(flags, flag.Name)
+			defaults.SingleClick, err = flags.GetBool(flag.Name)
 		case "aceEditorTheme":
-			defaults.AceEditorTheme, err = getString(flags, flag.Name)
+			defaults.AceEditorTheme, err = flags.GetString(flag.Name)
 		case "perm.admin":
-			defaults.Perm.Admin, err = getBool(flags, flag.Name)
+			defaults.Perm.Admin, err = flags.GetBool(flag.Name)
 		case "perm.execute":
-			defaults.Perm.Execute, err = getBool(flags, flag.Name)
+			defaults.Perm.Execute, err = flags.GetBool(flag.Name)
 		case "perm.create":
-			defaults.Perm.Create, err = getBool(flags, flag.Name)
+			defaults.Perm.Create, err = flags.GetBool(flag.Name)
 		case "perm.rename":
-			defaults.Perm.Rename, err = getBool(flags, flag.Name)
+			defaults.Perm.Rename, err = flags.GetBool(flag.Name)
 		case "perm.modify":
-			defaults.Perm.Modify, err = getBool(flags, flag.Name)
+			defaults.Perm.Modify, err = flags.GetBool(flag.Name)
 		case "perm.delete":
-			defaults.Perm.Delete, err = getBool(flags, flag.Name)
+			defaults.Perm.Delete, err = flags.GetBool(flag.Name)
 		case "perm.share":
-			defaults.Perm.Share, err = getBool(flags, flag.Name)
+			defaults.Perm.Share, err = flags.GetBool(flag.Name)
 		case "perm.download":
-			defaults.Perm.Download, err = getBool(flags, flag.Name)
+			defaults.Perm.Download, err = flags.GetBool(flag.Name)
 		case "commands":
 			defaults.Commands, err = flags.GetStringSlice(flag.Name)
 		case "sorting.by":
-			defaults.Sorting.By, err = getString(flags, flag.Name)
+			defaults.Sorting.By, err = flags.GetString(flag.Name)
 		case "sorting.asc":
-			defaults.Sorting.Asc, err = getBool(flags, flag.Name)
+			defaults.Sorting.Asc, err = flags.GetBool(flag.Name)
-		case "hide-dotfiles":
+		case "hideDotfiles":
-			defaults.HideDotfiles, err = getBool(flags, flag.Name)
+			defaults.HideDotfiles, err = flags.GetBool(flag.Name)
 		}
+
 		if err != nil {
-			visitErr = err
+			errs = append(errs, err)
 		}
 	}
 
@@ -149,5 +148,6 @@ func getUserDefaults(flags *pflag.FlagSet, defaults *settings.UserDefaults, all
 	} else {
 		flags.Visit(visit)
 	}
-	return visitErr
+
+	return errors.Join(errs...)
 }

cmd/users_add.go

@@ -17,11 +17,12 @@ var usersAddCmd = &cobra.Command{
 	Long:  `Create a new user and add it to the database.`,
 	Args:  cobra.ExactArgs(2),
 	RunE: python(func(cmd *cobra.Command, args []string, d *pythonData) error {
+		flags := cmd.Flags()
 		s, err := d.store.Settings.Get()
 		if err != nil {
 			return err
 		}
-		err = getUserDefaults(cmd.Flags(), &s.Defaults, false)
+		err = getUserDefaults(flags, &s.Defaults, false)
 		if err != nil {
 			return err
 		}
@@ -31,27 +32,24 @@ var usersAddCmd = &cobra.Command{
 			return err
 		}
 
-		lockPassword, err := getBool(cmd.Flags(), "lockPassword")
-		if err != nil {
-			return err
-		}
-
-		dateFormat, err := getBool(cmd.Flags(), "dateFormat")
-		if err != nil {
-			return err
-		}
-
-		hideDotfiles, err := getBool(cmd.Flags(), "hideDotfiles")
-		if err != nil {
-			return err
-		}
-
 		user := &users.User{
-			Username:     args[0],
+			Username: args[0],
-			Password:     password,
+			Password: password,
-			LockPassword: lockPassword,
+		}
-			DateFormat:   dateFormat,
+
-			HideDotfiles: hideDotfiles,
+		user.LockPassword, err = flags.GetBool("lockPassword")
+		if err != nil {
+			return err
+		}
+
+		user.DateFormat, err = flags.GetBool("dateFormat")
+		if err != nil {
+			return err
+		}
+
+		user.HideDotfiles, err = flags.GetBool("hideDotfiles")
+		if err != nil {
+			return err
 		}
 
 		s.Defaults.Apply(user)

cmd/users_import.go

@@ -26,6 +26,7 @@ installation. For that, just don't place their ID on the files
 list or set it to 0.`,
 	Args: jsonYamlArg,
 	RunE: python(func(cmd *cobra.Command, args []string, d *pythonData) error {
+		flags := cmd.Flags()
 		fd, err := os.Open(args[0])
 		if err != nil {
 			return err
@@ -45,7 +46,7 @@ list or set it to 0.`,
 			}
 		}
 
-		replace, err := getBool(cmd.Flags(), "replace")
+		replace, err := flags.GetBool("replace")
 		if err != nil {
 			return err
 		}
@@ -69,7 +70,7 @@ list or set it to 0.`,
 			}
 		}
 
-		overwrite, err := getBool(cmd.Flags(), "overwrite")
+		overwrite, err := flags.GetBool("overwrite")
 		if err != nil {
 			return err
 		}
@@ -87,7 +88,7 @@ list or set it to 0.`,
 				// with the new username. If there is, print an error and cancel the
 				// operation
 				if user.Username != onDB.Username {
-					if conflictuous, err := d.store.Users.Get("", user.Username); err == nil { //nolint:govet
+					if conflictuous, err := d.store.Users.Get("", user.Username); err == nil {
 						return usernameConflictError(user.Username, conflictuous.ID, user.ID)
 					}
 				}

cmd/users_update.go

@@ -22,13 +22,14 @@ var usersUpdateCmd = &cobra.Command{
 options you want to change.`,
 	Args: cobra.ExactArgs(1),
 	RunE: python(func(cmd *cobra.Command, args []string, d *pythonData) error {
-		username, id := parseUsernameOrID(args[0])
 		flags := cmd.Flags()
-		password, err := getString(flags, "password")
+		username, id := parseUsernameOrID(args[0])
+		password, err := flags.GetString("password")
 		if err != nil {
 			return err
 		}
-		newUsername, err := getString(flags, "username")
+
+		newUsername, err := flags.GetString("username")
 		if err != nil {
 			return err
 		}
@@ -41,13 +42,11 @@ options you want to change.`,
 		var (
 			user *users.User
 		)
-
 		if id != 0 {
 			user, err = d.store.Users.Get("", id)
 		} else {
 			user, err = d.store.Users.Get("", username)
 		}
-
 		if err != nil {
 			return err
 		}
@@ -61,10 +60,12 @@ options you want to change.`,
 			Sorting:     user.Sorting,
 			Commands:    user.Commands,
 		}
+
 		err = getUserDefaults(flags, &defaults, false)
 		if err != nil {
 			return err
 		}
+
 		user.Scope = defaults.Scope
 		user.Locale = defaults.Locale
 		user.ViewMode = defaults.ViewMode
@@ -72,15 +73,17 @@ options you want to change.`,
 		user.Perm = defaults.Perm
 		user.Commands = defaults.Commands
 		user.Sorting = defaults.Sorting
-		user.LockPassword, err = getBool(flags, "lockPassword")
+		user.LockPassword, err = flags.GetBool("lockPassword")
 		if err != nil {
 			return err
 		}
-		user.DateFormat, err = getBool(flags, "dateFormat")
+
+		user.DateFormat, err = flags.GetBool("dateFormat")
 		if err != nil {
 			return err
 		}
-		user.HideDotfiles, err = getBool(flags, "hideDotfiles")
+
+		user.HideDotfiles, err = flags.GetBool("hideDotfiles")
 		if err != nil {
 			return err
 		}

cmd/utils.go

@@ -12,8 +12,11 @@ import (
 	"strings"
 
 	"github.com/asdine/storm/v3"
+	homedir "github.com/mitchellh/go-homedir"
+	"github.com/samber/lo"
 	"github.com/spf13/cobra"
 	"github.com/spf13/pflag"
+	"github.com/spf13/viper"
 	yaml "gopkg.in/yaml.v3"
 
 	"github.com/filebrowser/filebrowser/v2/settings"
@@ -21,42 +24,21 @@ import (
 	"github.com/filebrowser/filebrowser/v2/storage/bolt"
 )
 
-const dbPerms = 0640
+const databasePermissions = 0640
 
-func returnErr(err error) error {
+func getAndParseFileMode(flags *pflag.FlagSet, name string) (fs.FileMode, error) {
-	if err != nil {
+	mode, err := flags.GetString(name)
-		return err
-	}
-	return nil
-}
-
-func getString(flags *pflag.FlagSet, flag string) (string, error) {
-	s, err := flags.GetString(flag)
-	return s, returnErr(err)
-}
-
-func getMode(flags *pflag.FlagSet, flag string) (fs.FileMode, error) {
-	s, err := getString(flags, flag)
 	if err != nil {
 		return 0, err
 	}
-	b, err := strconv.ParseUint(s, 0, 32)
+
+	b, err := strconv.ParseUint(mode, 0, 32)
 	if err != nil {
 		return 0, err
 	}
 	return fs.FileMode(b), nil
 }
 
-func getBool(flags *pflag.FlagSet, flag string) (bool, error) {
-	b, err := flags.GetBool(flag)
-	return b, returnErr(err)
-}
-
-func getUint(flags *pflag.FlagSet, flag string) (uint, error) {
-	b, err := flags.GetUint(flag)
-	return b, returnErr(err)
-}
-
 func generateKey() []byte {
 	k, err := settings.GenerateKey()
 	if err != nil {
@@ -65,20 +47,6 @@ func generateKey() []byte {
 	return k
 }
 
-type cobraFunc func(cmd *cobra.Command, args []string) error
-type pythonFunc func(cmd *cobra.Command, args []string, data *pythonData) error
-
-type pythonConfig struct {
-	noDB      bool
-	allowNoDB bool
-}
-
-type pythonData struct {
-	hadDB bool
-	store *storage.Storage
-	err   error
-}
-
 func dbExists(path string) (bool, error) {
 	stat, err := os.Stat(path)
 	if err == nil {
@@ -89,7 +57,7 @@ func dbExists(path string) (bool, error) {
 		d := filepath.Dir(path)
 		_, err = os.Stat(d)
 		if os.IsNotExist(err) {
-			if err := os.MkdirAll(d, 0700); err != nil { //nolint:govet
+			if err := os.MkdirAll(d, 0700); err != nil {
 				return false, err
 			}
 			return false, nil
@@ -99,38 +67,131 @@ func dbExists(path string) (bool, error) {
 	return false, err
 }
 
+// Generate the replacements for all environment variables. This allows to
+// use FB_BRANDING_DISABLE_EXTERNAL environment variables, even when the
+// option name is branding.disableExternal.
+func generateEnvKeyReplacements(cmd *cobra.Command) []string {
+	replacements := []string{}
+
+	cmd.Flags().VisitAll(func(f *pflag.Flag) {
+		oldName := strings.ToUpper(f.Name)
+		newName := strings.ToUpper(lo.SnakeCase(f.Name))
+		replacements = append(replacements, oldName, newName)
+	})
+
+	return replacements
+}
+
+func initViper(cmd *cobra.Command) (*viper.Viper, error) {
+	v := viper.New()
+
+	// Get config file from flag
+	cfgFile, err := cmd.Flags().GetString("config")
+	if err != nil {
+		return nil, err
+	}
+
+	// Configuration file
+	if cfgFile == "" {
+		home, err := homedir.Dir()
+		if err != nil {
+			return nil, err
+		}
+		v.AddConfigPath(".")
+		v.AddConfigPath(home)
+		v.AddConfigPath("/etc/filebrowser/")
+		v.SetConfigName(".filebrowser")
+	} else {
+		v.SetConfigFile(cfgFile)
+	}
+
+	// Environment variables
+	v.SetEnvPrefix("FB")
+	v.AutomaticEnv()
+	v.SetEnvKeyReplacer(strings.NewReplacer(generateEnvKeyReplacements(cmd)...))
+
+	// Bind the flags
+	err = v.BindPFlags(cmd.Flags())
+	if err != nil {
+		return nil, err
+	}
+
+	// Read in configuration
+	if err := v.ReadInConfig(); err != nil {
+		if errors.Is(err, viper.ConfigParseError{}) {
+			return nil, err
+		}
+
+		log.Println("No config file used")
+	} else {
+		log.Printf("Using config file: %s", v.ConfigFileUsed())
+	}
+
+	// Return Viper
+	return v, nil
+}
+
+type cobraFunc func(cmd *cobra.Command, args []string) error
+type pythonFunc func(cmd *cobra.Command, args []string, data *pythonData) error
+
+type pythonConfig struct {
+	expectsNoDatabase bool
+	allowsNoDatabase  bool
+}
+
+type pythonData struct {
+	databaseExisted bool
+	viper           *viper.Viper
+	store           *storage.Storage
+}
+
 func python(fn pythonFunc, cfg pythonConfig) cobraFunc {
 	return func(cmd *cobra.Command, args []string) error {
-		data := &pythonData{hadDB: true}
+		v, err := initViper(cmd)
+		if err != nil {
+			return err
+		}
+
+		data := &pythonData{databaseExisted: true}
+		path := v.GetString("database")
+
+		// Only make the viper instance available to the root command (filebrowser).
+		// This is to make sure that we don't make the mistake of using it somewhere
+		// else.
+		if cmd.Name() == "filebrowser" {
+			data.viper = v
+		}
 
-		path := getStringParam(cmd.Flags(), "database")
 		absPath, err := filepath.Abs(path)
 		if err != nil {
-			panic(err)
+			return err
 		}
-		exists, err := dbExists(path)
 
+		exists, err := dbExists(path)
 		if err != nil {
-			panic(err)
+			return err
-		} else if exists && cfg.noDB {
+		} else if exists && cfg.expectsNoDatabase {
 			log.Fatal(absPath + " already exists")
-		} else if !exists && !cfg.noDB && !cfg.allowNoDB {
+		} else if !exists && !cfg.expectsNoDatabase && !cfg.allowsNoDatabase {
 			log.Fatal(absPath + " does not exist. Please run 'filebrowser config init' first.")
-		} else if !exists && !cfg.noDB {
+		} else if !exists && !cfg.expectsNoDatabase {
 			log.Println("Warning: filebrowser.db can't be found. Initialing in " + strings.TrimSuffix(absPath, "filebrowser.db"))
 		}
 
 		log.Println("Using database: " + absPath)
-		data.hadDB = exists
+		data.databaseExisted = exists
-		db, err := storm.Open(path, storm.BoltOptions(dbPerms, nil))
+
+		db, err := storm.Open(path, storm.BoltOptions(databasePermissions, nil))
 		if err != nil {
 			return err
 		}
 		defer db.Close()
+
 		data.store, err = bolt.NewStorage(db)
 		if err != nil {
 			return err
 		}
+
 		return fn(cmd, args, data)
 	}
 }

diskcache/file_cache.go

@@ -2,7 +2,7 @@ package diskcache
 
 import (
 	"context"
-	"crypto/sha1" //nolint:gosec
+	"crypto/sha1"
 	"encoding/hex"
 	"errors"
 	"fmt"
@@ -103,7 +103,7 @@ func (f *FileCache) getScopedLocks(key string) (lock sync.Locker) {
 }
 
 func (f *FileCache) getFileName(key string) string {
-	hasher := sha1.New() //nolint:gosec
+	hasher := sha1.New()
 	_, _ = hasher.Write([]byte(key))
 	hash := hex.EncodeToString(hasher.Sum(nil))
 	return fmt.Sprintf("%s/%s/%s", hash[:1], hash[1:3], hash)

diskcache/file_cache_test.go

@@ -40,7 +40,7 @@ func TestFileCache(t *testing.T) {
 	require.False(t, exists)
 }
 
-func checkValue(t *testing.T, ctx context.Context, fs afero.Fs, fileFullPath string, cache *FileCache, key, wantValue string) { //nolint:revive
+func checkValue(t *testing.T, ctx context.Context, fs afero.Fs, fileFullPath string, cache *FileCache, key, wantValue string) {
 	t.Helper()
 	// check actual file content
 	b, err := afero.ReadFile(fs, fileFullPath)

docker/common/defaults/settings.json

@@ -5,4 +5,4 @@
   "log": "stdout",
   "database": "/database/filebrowser.db",
   "root": "/srv"
-}
+}

errors/errors.go

@@ -3,15 +3,6 @@ package errors
 import (
 	"errors"
 	"fmt"
-	"os"
-	"syscall"
-)
-
-const (
-	ExitCodeSigTerm = 128 + int(syscall.SIGTERM)
-	ExitCodeSighup  = 128 + int(syscall.SIGHUP)
-	ExitCodeSigint  = 128 + int(syscall.SIGINT)
-	ExitCodeSigquit = 128 + int(syscall.SIGQUIT)
 )
 
 var (
@@ -31,10 +22,6 @@ var (
 	ErrInvalidRequestParams = errors.New("invalid request params")
 	ErrSourceIsParent       = errors.New("source is parent")
 	ErrRootUserDeletion     = errors.New("user with id 1 can't be deleted")
-	ErrSigTerm              = errors.New("exit on signal: sigterm")
-	ErrSighup               = errors.New("exit on signal: sighup")
-	ErrSigint               = errors.New("exit on signal: sigint")
-	ErrSigquit              = errors.New("exit on signal: sigquit")
 )
 
 type ErrShortPassword struct {
@@ -44,44 +31,3 @@ type ErrShortPassword struct {
 func (e ErrShortPassword) Error() string {
 	return fmt.Sprintf("password is too short, minimum length is %d", e.MinimumLength)
 }
-
-// GetExitCode returns the exit code for a given error.
-func GetExitCode(err error) int {
-	if err == nil {
-		return 0
-	}
-
-	exitCodeMap := map[error]int{
-		ErrSigTerm: ExitCodeSigTerm,
-		ErrSighup:  ExitCodeSighup,
-		ErrSigint:  ExitCodeSigint,
-		ErrSigquit: ExitCodeSigquit,
-	}
-
-	for e, code := range exitCodeMap {
-		if errors.Is(err, e) {
-			return code
-		}
-	}
-
-	if exitErr, ok := err.(interface{ ExitCode() int }); ok {
-		return exitErr.ExitCode()
-	}
-
-	var pathErr *os.PathError
-	if errors.As(err, &pathErr) {
-		return 1
-	}
-
-	var syscallErr *os.SyscallError
-	if errors.As(err, &syscallErr) {
-		return 1
-	}
-
-	var errno syscall.Errno
-	if errors.As(err, &errno) {
-		return 1
-	}
-
-	return 1
-}

files/file.go

@@ -1,8 +1,8 @@
 package files
 
 import (
-	"crypto/md5"  //nolint:gosec
+	"crypto/md5"
-	"crypto/sha1" //nolint:gosec
+	"crypto/sha1"
 	"crypto/sha256"
 	"crypto/sha512"
 	"encoding/hex"
@@ -90,7 +90,7 @@ func NewFileInfo(opts *FileOptions) (*FileInfo, error) {
 
 	if opts.Expand {
 		if file.IsDir {
-			if err := file.readListing(opts.Checker, opts.ReadHeader); err != nil { //nolint:govet
+			if err := file.readListing(opts.Checker, opts.ReadHeader); err != nil {
 				return nil, err
 			}
 			return file, nil
@@ -183,7 +183,6 @@ func (i *FileInfo) Checksum(algo string) error {
 
 	var h hash.Hash
 
-	//nolint:gosec
 	switch algo {
 	case "md5":
 		h = md5.New()

files/mime.go

@@ -600,7 +600,6 @@ var types = map[string]string{
 	".epub":      "application/epub+zip",
 }
 
-//nolint:gochecknoinits
 func init() {
 	for ext, typ := range types {
 		// skip errors

frontend/pnpm-lock.yaml

@@ -161,7 +161,7 @@ importers:
         version: 2.3.1(rollup@4.52.5)
       vue-tsc:
         specifier: ^3.1.3
-        version: 3.1.3(typescript@5.9.3)
+        version: 3.1.4(typescript@5.9.3)
 
 packages:
 
@@ -1303,8 +1303,8 @@ packages:
       typescript:
         optional: true
 
-  '@vue/language-core@3.1.3':
+  '@vue/language-core@3.1.4':
-    resolution: {integrity: sha512-KpR1F/eGAG9D1RZ0/T6zWJs6dh/pRLfY5WupecyYKJ1fjVmDMgTPw9wXmKv2rBjo4zCJiOSiyB8BDP1OUwpMEA==}
+    resolution: {integrity: sha512-n/58wm8SkmoxMWkUNUH/PwoovWe4hmdyPJU2ouldr3EPi1MLoS7iDN46je8CsP95SnVBs2axInzRglPNKvqMcg==}
     peerDependencies:
       typescript: '*'
     peerDependenciesMeta:
@@ -2484,8 +2484,8 @@ packages:
     peerDependencies:
       vue: ^3.0.2
 
-  vue-tsc@3.1.3:
+  vue-tsc@3.1.4:
-    resolution: {integrity: sha512-StMNfZHwPIXQgY3KxPKM0Jsoc8b46mDV3Fn2UlHCBIwRJApjqrSwqeMYgWf0zpN+g857y74pv7GWuBm+UqQe1w==}
+    resolution: {integrity: sha512-GsRJxttj4WkmXW/zDwYPGMJAN3np/4jTzoDFQTpTsI5Vg/JKMWamBwamlmLihgSVHO66y9P7GX+uoliYxeI4Hw==}
     hasBin: true
     peerDependencies:
       typescript: '>=5.0.0'
@@ -3828,7 +3828,7 @@ snapshots:
     transitivePeerDependencies:
       - supports-color
 
-  '@vue/language-core@3.1.3(typescript@5.9.3)':
+  '@vue/language-core@3.1.4(typescript@5.9.3)':
     dependencies:
       '@volar/language-core': 2.4.23
       '@vue/compiler-dom': 3.5.24
@@ -4966,10 +4966,10 @@ snapshots:
     dependencies:
       vue: 3.5.24(typescript@5.9.3)
 
-  vue-tsc@3.1.3(typescript@5.9.3):
+  vue-tsc@3.1.4(typescript@5.9.3):
     dependencies:
       '@volar/typescript': 2.4.23
-      '@vue/language-core': 3.1.3(typescript@5.9.3)
+      '@vue/language-core': 3.1.4(typescript@5.9.3)
       typescript: 5.9.3
 
   vue@3.5.24(typescript@5.9.3):

go.mod

@@ -16,7 +16,7 @@ require (
 	github.com/marusama/semaphore/v2 v2.5.0
 	github.com/mholt/archives v0.1.5
 	github.com/mitchellh/go-homedir v1.1.0
-	github.com/pelletier/go-toml/v2 v2.2.4
+	github.com/samber/lo v1.52.0
 	github.com/shirou/gopsutil/v4 v4.25.10
 	github.com/spf13/afero v1.15.0
 	github.com/spf13/cobra v1.10.1
@@ -24,7 +24,6 @@ require (
 	github.com/spf13/viper v1.21.0
 	github.com/stretchr/testify v1.11.1
 	github.com/tomasen/realip v0.0.0-20180522021738-f0c99a92ddce
-	go.etcd.io/bbolt v1.4.3
 	golang.org/x/crypto v0.44.0
 	golang.org/x/image v0.33.0
 	golang.org/x/text v0.31.0
@@ -40,6 +39,7 @@ require (
 	github.com/bodgit/plumbing v1.3.0 // indirect
 	github.com/bodgit/sevenzip v1.6.1 // indirect
 	github.com/bodgit/windows v1.0.1 // indirect
+	github.com/cpuguy83/go-md2man/v2 v2.0.6 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/dsnet/compress v0.0.2-0.20230904184137-39efe44ab707 // indirect
 	github.com/dsoprea/go-logging v0.0.0-20200710184922-b02d349568dd // indirect
@@ -58,9 +58,11 @@ require (
 	github.com/mikelolasagasti/xz v1.0.1 // indirect
 	github.com/minio/minlz v1.0.1 // indirect
 	github.com/nwaples/rardecode/v2 v2.2.0 // indirect
+	github.com/pelletier/go-toml/v2 v2.2.4 // indirect
 	github.com/pierrec/lz4/v4 v4.1.22 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/power-devops/perfstat v0.0.0-20240221224432-82ca36839d55 // indirect
+	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	github.com/sagikazarmark/locafero v0.11.0 // indirect
 	github.com/sorairolake/lzip-go v0.3.8 // indirect
 	github.com/sourcegraph/conc v0.3.1-0.20240121214520-5f936abd7ae8 // indirect
@@ -68,6 +70,7 @@ require (
 	github.com/subosito/gotenv v1.6.0 // indirect
 	github.com/ulikunitz/xz v0.5.15 // indirect
 	github.com/yusufpapurcu/wmi v1.2.4 // indirect
+	go.etcd.io/bbolt v1.4.3 // indirect
 	go.yaml.in/yaml/v3 v3.0.4 // indirect
 	go4.org v0.0.0-20230225012048-214862532bf5 // indirect
 	golang.org/x/net v0.46.0 // indirect

go.sum

@@ -47,6 +47,7 @@ github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWR
 github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
 github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
+github.com/cpuguy83/go-md2man/v2 v2.0.6 h1:XJtiaUW6dEEqVuZiMTn1ldk455QWwEIsMIJlo5vtkx0=
 github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -196,10 +197,13 @@ github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
 github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8=
 github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs=
+github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/rwcarlsen/goexif v0.0.0-20190401172101-9e8deecbddbd/go.mod h1:hPqNNc0+uJM6H+SuU8sEs5K5IQeKccPqeSjfgcKGgPk=
 github.com/sagikazarmark/locafero v0.11.0 h1:1iurJgmM9G3PA/I+wWYIOw/5SyBtxapeHDcg+AAIFXc=
 github.com/sagikazarmark/locafero v0.11.0/go.mod h1:nVIGvgyzw595SUSUE6tvCp3YYTeHs15MvlmU87WwIik=
+github.com/samber/lo v1.52.0 h1:Rvi+3BFHES3A8meP33VPAxiBZX/Aws5RxrschYGjomw=
+github.com/samber/lo v1.52.0/go.mod h1:4+MXEGsJzbKGaUEQFKBq2xtfuznW9oz/WrgyzMzRoM0=
 github.com/shirou/gopsutil/v4 v4.25.10 h1:at8lk/5T1OgtuCp+AwrDofFRjnvosn0nkN2OLQ6g8tA=
 github.com/shirou/gopsutil/v4 v4.25.10/go.mod h1:+kSwyC8DRUD9XXEHCAFjK+0nuArFJM0lva+StQAcskM=
 github.com/sorairolake/lzip-go v0.3.8 h1:j5Q2313INdTA80ureWYRhX+1K78mUXfMoPZCw/ivWik=

http/commands.go

@@ -28,7 +28,6 @@ var (
 	cmdNotAllowed = []byte("Command not allowed.")
 )
 
-//nolint:unparam
 func wsErr(ws *websocket.Conn, r *http.Request, status int, err error) {
 	txt := http.StatusText(status)
 	if err != nil || status >= 400 {
@@ -49,7 +48,7 @@ var commandsHandler = withUser(func(w http.ResponseWriter, r *http.Request, d *d
 	var raw string
 
 	for {
-		_, msg, err := conn.ReadMessage() //nolint:govet
+		_, msg, err := conn.ReadMessage()
 		if err != nil {
 			wsErr(conn, r, http.StatusInternalServerError, err)
 			return 0, nil
@@ -63,7 +62,7 @@ var commandsHandler = withUser(func(w http.ResponseWriter, r *http.Request, d *d
 
 	// Fail fast
 	if !d.server.EnableExec || !d.user.Perm.Execute {
-		if err := conn.WriteMessage(websocket.TextMessage, cmdNotAllowed); err != nil { //nolint:govet
+		if err := conn.WriteMessage(websocket.TextMessage, cmdNotAllowed); err != nil {
 			wsErr(conn, r, http.StatusInternalServerError, err)
 		}
 
@@ -72,21 +71,21 @@ var commandsHandler = withUser(func(w http.ResponseWriter, r *http.Request, d *d
 
 	command, name, err := runner.ParseCommand(d.settings, raw)
 	if err != nil {
-		if err := conn.WriteMessage(websocket.TextMessage, []byte(err.Error())); err != nil { //nolint:govet
+		if err := conn.WriteMessage(websocket.TextMessage, []byte(err.Error())); err != nil {
 			wsErr(conn, r, http.StatusInternalServerError, err)
 		}
 		return 0, nil
 	}
 
 	if !slices.Contains(d.user.Commands, name) {
-		if err := conn.WriteMessage(websocket.TextMessage, cmdNotAllowed); err != nil { //nolint:govet
+		if err := conn.WriteMessage(websocket.TextMessage, cmdNotAllowed); err != nil {
 			wsErr(conn, r, http.StatusInternalServerError, err)
 		}
 
 		return 0, nil
 	}
 
-	cmd := exec.Command(command[0], command[1:]...) //nolint:gosec
+	cmd := exec.Command(command[0], command[1:]...)
 	cmd.Dir = d.user.FullPath(r.URL.Path)
 
 	stdout, err := cmd.StdoutPipe()

http/public_test.go

@@ -19,7 +19,7 @@ import (
 func TestPublicShareHandlerAuthentication(t *testing.T) {
 	t.Parallel()
 
-	const passwordBcrypt = "$2y$10$TFAmdCbyd/mEZDe5fUeZJu.MaJQXRTwdqb/IQV.eTn6dWrF58gCSe" //nolint:gosec
+	const passwordBcrypt = "$2y$10$TFAmdCbyd/mEZDe5fUeZJu.MaJQXRTwdqb/IQV.eTn6dWrF58gCSe"
 	testCases := map[string]struct {
 		share              *share.Link
 		req                *http.Request
@@ -70,7 +70,7 @@ func TestPublicShareHandlerAuthentication(t *testing.T) {
 				}
 
 				t.Cleanup(func() {
-					if err := db.Close(); err != nil { //nolint:govet
+					if err := db.Close(); err != nil {
 						t.Errorf("failed to close db: %v", err)
 					}
 				})

http/share.go

@@ -111,7 +111,6 @@ var sharePostHandler = withPermShare(func(w http.ResponseWriter, r *http.Request
 	var expire int64 = 0
 
 	if body.Expires != "" {
-		//nolint:govet
 		num, err := strconv.Atoi(body.Expires)
 		if err != nil {
 			return http.StatusInternalServerError, err

http/static.go

@@ -51,7 +51,7 @@ func handleWithStaticData(w http.ResponseWriter, _ *http.Request, d *data, fSys
 
 	if d.settings.Branding.Files != "" {
 		fPath := filepath.Join(d.settings.Branding.Files, "custom.css")
-		_, err := os.Stat(fPath) //nolint:govet
+		_, err := os.Stat(fPath)
 
 		if err != nil && !os.IsNotExist(err) {
 			log.Printf("couldn't load custom styles: %v", err)
@@ -63,7 +63,7 @@ func handleWithStaticData(w http.ResponseWriter, _ *http.Request, d *data, fSys
 	}
 
 	if d.settings.AuthMethod == auth.MethodJSONAuth {
-		raw, err := d.store.Auth.Get(d.settings.AuthMethod) //nolint:govet
+		raw, err := d.store.Auth.Get(d.settings.AuthMethod)
 		if err != nil {
 			return http.StatusInternalServerError, err
 		}

img/service.go

@@ -184,7 +184,7 @@ func (s *Service) Resize(ctx context.Context, in io.Reader, width, height int, o
 	case ResizeModeFill:
 		img = imaging.Fill(img, width, height, imaging.Center, config.quality.resampleFilter())
 	case ResizeModeFit:
-		fallthrough //nolint:gocritic
+		fallthrough
 	default:
 		img = imaging.Fit(img, width, height, config.quality.resampleFilter())
 	}

main.go

@@ -4,11 +4,10 @@ import (
 	"os"
 
 	"github.com/filebrowser/filebrowser/v2/cmd"
-	"github.com/filebrowser/filebrowser/v2/errors"
 )
 
 func main() {
 	if err := cmd.Execute(); err != nil {
-		os.Exit(errors.GetExitCode(err))
+		os.Exit(1)
 	}
 }

runner/runner.go

@@ -89,9 +89,9 @@ func (r *Runner) exec(raw, evt, path, dst string, user *users.User) error {
 		command[i] = os.Expand(arg, envMapping)
 	}
 
-	cmd := exec.Command(command[0], command[1:]...) //nolint:gosec
+	cmd := exec.Command(command[0], command[1:]...)
 	cmd.Env = append(os.Environ(), fmt.Sprintf("FILE=%s", path))
-	cmd.Env = append(cmd.Env, fmt.Sprintf("SCOPE=%s", user.Scope)) //nolint:gocritic
+	cmd.Env = append(cmd.Env, fmt.Sprintf("SCOPE=%s", user.Scope))
 	cmd.Env = append(cmd.Env, fmt.Sprintf("TRIGGER=%s", evt))
 	cmd.Env = append(cmd.Env, fmt.Sprintf("USERNAME=%s", user.Username))
 	cmd.Env = append(cmd.Env, fmt.Sprintf("DESTINATION=%s", dst))

storage/bolt/importer/conf.go

@@ -1,187 +0,0 @@
-package importer
-
-import (
-	"encoding/json"
-	"errors"
-	"fmt"
-	"os"
-	"path/filepath"
-
-	"github.com/asdine/storm/v3"
-	"github.com/pelletier/go-toml/v2"
-	"gopkg.in/yaml.v3"
-
-	"github.com/filebrowser/filebrowser/v2/auth"
-	"github.com/filebrowser/filebrowser/v2/settings"
-	"github.com/filebrowser/filebrowser/v2/storage"
-	"github.com/filebrowser/filebrowser/v2/users"
-)
-
-type oldDefs struct {
-	Commands      []string `json:"commands" yaml:"commands" toml:"commands"`
-	Scope         string   `json:"scope" yaml:"scope" toml:"scope"`
-	ViewMode      string   `json:"viewMode" yaml:"viewMode" toml:"viewMode"`
-	Locale        string   `json:"locale" yaml:"locale" toml:"locale"`
-	AllowCommands bool     `json:"allowCommands" yaml:"allowCommands" toml:"allowCommands"`
-	AllowEdit     bool     `json:"allowEdit" yaml:"allowEdit" toml:"allowEdit"`
-	AllowNew      bool     `json:"allowNew" yaml:"allowNew" toml:"allowNew"`
-}
-
-type oldAuth struct {
-	Method  string `json:"method" yaml:"method" toml:"method"` // default none proxy
-	Header  string `json:"header" yaml:"header" toml:"header"`
-	Command string `json:"command" yaml:"command" toml:"command"`
-}
-
-type oldConf struct {
-	Port      string  `json:"port" yaml:"port" toml:"port"`
-	BaseURL   string  `json:"baseURL" yaml:"baseURL" toml:"baseURL"`
-	Log       string  `json:"log" yaml:"log" toml:"log"`
-	Address   string  `json:"address" yaml:"address" toml:"address"`
-	Defaults  oldDefs `json:"defaults" yaml:"defaults" toml:"defaults"`
-	ReCaptcha struct {
-		Key    string `json:"key" yaml:"key" toml:"key"`
-		Secret string `json:"secret" yaml:"secret" toml:"secret"`
-		Host   string `json:"host" yaml:"host" toml:"host"`
-	} `json:"recaptcha" yaml:"recaptcha" toml:"recaptcha"`
-	Auth oldAuth `json:"auth" yaml:"auth" toml:"auth"`
-}
-
-var defaults = &oldConf{
-	Port: "0",
-	Log:  "stdout",
-	Defaults: oldDefs{
-		Commands:      []string{"git", "svn", "hg"},
-		ViewMode:      string(users.MosaicViewMode),
-		AllowCommands: true,
-		AllowEdit:     true,
-		AllowNew:      true,
-		Locale:        "en",
-	},
-	Auth: oldAuth{
-		Method: "default",
-	},
-}
-
-func readConf(path string) (*oldConf, error) {
-	cfg := &oldConf{}
-	if path != "" {
-		ext := filepath.Ext(path)
-
-		fd, err := os.Open(path)
-		if err != nil {
-			return nil, err
-		}
-		defer fd.Close()
-
-		switch ext {
-		case ".json":
-			err = json.NewDecoder(fd).Decode(cfg)
-		case ".toml":
-			err = toml.NewDecoder(fd).Decode(cfg)
-		case ".yaml", ".yml":
-			err = yaml.NewDecoder(fd).Decode(cfg)
-		default:
-			return nil, errors.New("unsupported config extension " + ext)
-		}
-
-		if err != nil {
-			return nil, err
-		}
-	} else {
-		cfg = defaults
-		path, err := filepath.Abs(".")
-		if err != nil {
-			return nil, err
-		}
-		cfg.Defaults.Scope = path
-	}
-	return cfg, nil
-}
-
-func importConf(db *storm.DB, path string, sto *storage.Storage) error {
-	cfg, err := readConf(path)
-	if err != nil {
-		return err
-	}
-
-	commands := map[string][]string{}
-	err = db.Get("config", "commands", &commands)
-	if err != nil {
-		return err
-	}
-
-	key := []byte{}
-	err = db.Get("config", "key", &key)
-	if err != nil {
-		return err
-	}
-
-	s := &settings.Settings{
-		Key:    key,
-		Signup: false,
-		Defaults: settings.UserDefaults{
-			Scope:    cfg.Defaults.Scope,
-			Commands: cfg.Defaults.Commands,
-			ViewMode: users.ViewMode(cfg.Defaults.ViewMode),
-			Locale:   cfg.Defaults.Locale,
-			Perm: users.Permissions{
-				Admin:    false,
-				Execute:  cfg.Defaults.AllowCommands,
-				Create:   cfg.Defaults.AllowNew,
-				Rename:   cfg.Defaults.AllowEdit,
-				Modify:   cfg.Defaults.AllowEdit,
-				Delete:   cfg.Defaults.AllowEdit,
-				Share:    true,
-				Download: true,
-			},
-		},
-	}
-
-	server := &settings.Server{
-		BaseURL: cfg.BaseURL,
-		Port:    cfg.Port,
-		Address: cfg.Address,
-		Log:     cfg.Log,
-	}
-
-	var auther auth.Auther
-	switch cfg.Auth.Method {
-	case "proxy":
-		auther = &auth.ProxyAuth{Header: cfg.Auth.Header}
-		s.AuthMethod = auth.MethodProxyAuth
-	case "hook":
-		auther = &auth.HookAuth{Command: cfg.Auth.Command}
-		s.AuthMethod = auth.MethodHookAuth
-	case "none":
-		auther = &auth.NoAuth{}
-		s.AuthMethod = auth.MethodNoAuth
-	default:
-		auther = &auth.JSONAuth{
-			ReCaptcha: &auth.ReCaptcha{
-				Host:   cfg.ReCaptcha.Host,
-				Key:    cfg.ReCaptcha.Key,
-				Secret: cfg.ReCaptcha.Secret,
-			},
-		}
-		s.AuthMethod = auth.MethodJSONAuth
-	}
-
-	err = sto.Auth.Save(auther)
-	if err != nil {
-		return err
-	}
-
-	err = sto.Settings.Save(s)
-	if err != nil {
-		return err
-	}
-
-	err = sto.Settings.SaveServer(server)
-	if err != nil {
-		return err
-	}
-
-	fmt.Println("Configuration successfully imported.")
-	return nil
-}

storage/bolt/importer/importer.go

@@ -1,39 +0,0 @@
-package importer
-
-import (
-	"github.com/asdine/storm/v3"
-
-	"github.com/filebrowser/filebrowser/v2/storage/bolt"
-)
-
-// Import imports an old configuration to a newer database.
-func Import(oldDBPath, oldConf, newDBPath string) error {
-	oldDB, err := storm.Open(oldDBPath)
-	if err != nil {
-		return err
-	}
-	defer oldDB.Close()
-
-	newDB, err := storm.Open(newDBPath)
-	if err != nil {
-		return err
-	}
-	defer newDB.Close()
-
-	sto, err := bolt.NewStorage(newDB)
-	if err != nil {
-		return err
-	}
-
-	err = importUsers(oldDB, sto)
-	if err != nil {
-		return err
-	}
-
-	err = importConf(oldDB, oldConf, sto)
-	if err != nil {
-		return err
-	}
-
-	return err
-}

storage/bolt/importer/users.go

@@ -1,114 +0,0 @@
-package importer
-
-import (
-	"encoding/json"
-	"fmt"
-
-	"github.com/asdine/storm/v3"
-	bolt "go.etcd.io/bbolt"
-
-	"github.com/filebrowser/filebrowser/v2/rules"
-	"github.com/filebrowser/filebrowser/v2/storage"
-	"github.com/filebrowser/filebrowser/v2/users"
-)
-
-type oldUser struct {
-	ID            int           `storm:"id,increment"`
-	Admin         bool          `json:"admin"`
-	AllowCommands bool          `json:"allowCommands"` // Execute commands
-	AllowEdit     bool          `json:"allowEdit"`     // Edit/rename files
-	AllowNew      bool          `json:"allowNew"`      // Create files and folders
-	AllowPublish  bool          `json:"allowPublish"`  // Publish content (to use with static gen)
-	LockPassword  bool          `json:"lockPassword"`
-	Commands      []string      `json:"commands"`
-	Locale        string        `json:"locale"`
-	Password      string        `json:"password"`
-	Rules         []*rules.Rule `json:"rules"`
-	Scope         string        `json:"filesystem"`
-	Username      string        `json:"username" storm:"index,unique"`
-	ViewMode      string        `json:"viewMode"`
-}
-
-func readOldUsers(db *storm.DB) ([]*oldUser, error) {
-	var oldUsers []*oldUser
-	err := db.Bolt.View(func(tx *bolt.Tx) error {
-		return tx.Bucket([]byte("User")).ForEach(func(_ []byte, v []byte) error {
-			if len(v) > 0 && string(v)[0] == '{' {
-				user := &oldUser{}
-				err := json.Unmarshal(v, user)
-
-				if err != nil {
-					return err
-				}
-
-				oldUsers = append(oldUsers, user)
-			}
-
-			return nil
-		})
-	})
-
-	return oldUsers, err
-}
-
-func convertUsersToNew(old []*oldUser) ([]*users.User, error) {
-	list := []*users.User{}
-
-	for _, oldUser := range old {
-		user := &users.User{
-			Username:     oldUser.Username,
-			Password:     oldUser.Password,
-			Scope:        oldUser.Scope,
-			Locale:       oldUser.Locale,
-			LockPassword: oldUser.LockPassword,
-			ViewMode:     users.ViewMode(oldUser.ViewMode),
-			Commands:     oldUser.Commands,
-			Rules:        []rules.Rule{},
-			Perm: users.Permissions{
-				Admin:    oldUser.Admin,
-				Execute:  oldUser.AllowCommands,
-				Create:   oldUser.AllowNew,
-				Rename:   oldUser.AllowEdit,
-				Modify:   oldUser.AllowEdit,
-				Delete:   oldUser.AllowEdit,
-				Share:    true,
-				Download: true,
-			},
-		}
-
-		for _, rule := range oldUser.Rules {
-			user.Rules = append(user.Rules, *rule)
-		}
-
-		err := user.Clean("")
-		if err != nil {
-			return nil, err
-		}
-
-		list = append(list, user)
-	}
-
-	return list, nil
-}
-
-func importUsers(old *storm.DB, sto *storage.Storage) error {
-	oldUsers, err := readOldUsers(old)
-	if err != nil {
-		return err
-	}
-
-	newUsers, err := convertUsersToNew(oldUsers)
-	if err != nil {
-		return err
-	}
-
-	for _, user := range newUsers {
-		err = sto.Users.Save(user)
-		if err != nil {
-			return err
-		}
-	}
-
-	fmt.Printf("%d users successfully imported into the new DB.\n", len(newUsers))
-	return nil
-}

users/assets.go

@@ -9,7 +9,6 @@ import (
 var assets embed.FS
 var commonPasswords map[string]struct{}
 
-//nolint:gochecknoinits
 func init() {
 	// Password list sourced from:
 	// https://github.com/danielmiessler/SecLists/blob/master/Passwords/Common-Credentials/100k-most-used-passwords-NCSC.txt

users/storage.go

@@ -63,7 +63,7 @@ func (s *Storage) Gets(baseScope string) ([]*User, error) {
 	}
 
 	for _, user := range users {
-		if err := user.Clean(baseScope); err != nil { //nolint:govet
+		if err := user.Clean(baseScope); err != nil {
 			return nil, err
 		}
 	}

users/users.go

@@ -55,8 +55,6 @@ var checkableFields = []string{
 
 // Clean cleans up a user and verifies if all its fields
 // are alright to be saved.
-//
-//nolint:gocyclo
 func (u *User) Clean(baseScope string, fields ...string) error {
 	if len(fields) == 0 {
 		fields = checkableFields
@@ -93,7 +91,7 @@ func (u *User) Clean(baseScope string, fields ...string) error {
 
 	if u.Fs == nil {
 		scope := u.Scope
-		scope = filepath.Join(baseScope, filepath.Join("/", scope)) //nolint:gocritic
+		scope = filepath.Join(baseScope, filepath.Join("/", scope))
 		u.Fs = afero.NewBasePathFs(afero.NewOsFs(), scope)
 	}
 

www/docs/authentication.md

@@ -0,0 +1,49 @@
+# Authentication
+
+There are three possible authentication methods. Each one of them has its own capabilities and specification. If you are interested in contributing with one more authentication method, please [check the guidelines](contributing.md).
+
+## JSON Auth (default)
+
+We call it JSON Authentication but it is just the default authentication method and the one that is provided by default if you don't make any changes. It is set by default, but if you've made changes before you can revert to using JSON auth:
+
+```sh
+filebrowser config set --auth.method=json
+```
+
+This method can also be extended with **reCAPTCHA** verification during login:
+
+```sh
+filebrowser config set --auth.method=json \
+  --recaptcha.key site-key \
+  --recaptcha.secret private-key
+```
+
+By default, we use [Google's reCAPTCHA](https://developers.google.com/recaptcha/docs/display) service. If you live in China, or want to use other provider, you can change the host with the following command:
+
+```sh
+filebrowser config set --recaptcha.host https://recaptcha.net
+```
+
+Where `https://recaptcha.net` is any provider you want.
+
+## Proxy Header
+
+If you have a reverse proxy you want to use to login your users, you do it via our `proxy` authentication method. To configure this method, your proxy must send an HTTP header containing the username of the logged in user:
+
+```sh
+filebrowser config set --auth.method=proxy --auth.header=X-My-Header
+```
+
+Where `X-My-Header` is the HTTP header provided by your proxy with the username.
+
+> [!WARNING]
+> 
+> File Browser will blindly trust the provided header. If the proxy can be bypassed, an attacker could simply attach the header and get admin access.
+
+### No Authentication
+
+We also provide a no authentication mechanism for users that want to use File Browser privately such in a home network. By setting this authentication method, the user with **id 1** will be used as the default users. Creating more users won't have any effect.
+
+```sh
+filebrowser config set --auth.method=noauth
+```

www/docs/cli/filebrowser-cmds-add.md

@@ -0,0 +1,29 @@
+# filebrowser cmds add
+
+Add a command to run on a specific event
+
+## Synopsis
+
+Add a command to run on a specific event.
+
+```
+filebrowser cmds add <event> <command> [flags]
+```
+
+## Options
+
+```
+  -h, --help   help for add
+```
+
+## Options inherited from parent commands
+
+```
+  -c, --config string     config file path
+  -d, --database string   database path (default "./filebrowser.db")
+```
+
+## See Also
+
+* [filebrowser cmds](filebrowser-cmds.md)	 - Command runner management utility
+

www/docs/cli/filebrowser-cmds-ls.md

@@ -0,0 +1,30 @@
+# filebrowser cmds ls
+
+List all commands for each event
+
+## Synopsis
+
+List all commands for each event.
+
+```
+filebrowser cmds ls [flags]
+```
+
+## Options
+
+```
+  -e, --event string   event name, without 'before' or 'after'
+  -h, --help           help for ls
+```
+
+## Options inherited from parent commands
+
+```
+  -c, --config string     config file path
+  -d, --database string   database path (default "./filebrowser.db")
+```
+
+## See Also
+
+* [filebrowser cmds](filebrowser-cmds.md)	 - Command runner management utility
+

www/docs/cli/filebrowser-cmds-rm.md

@@ -0,0 +1,37 @@
+# filebrowser cmds rm
+
+Removes a command from an event hooker
+
+## Synopsis
+
+Removes a command from an event hooker. The provided index
+is the same that's printed when you run 'cmds ls'. Note
+that after each removal/addition, the index of the
+commands change. So be careful when removing them after each
+other.
+
+You can also specify an optional parameter (index_end) so
+you can remove all commands from 'index' to 'index_end',
+including 'index_end'.
+
+```
+filebrowser cmds rm <event> <index> [index_end] [flags]
+```
+
+## Options
+
+```
+  -h, --help   help for rm
+```
+
+## Options inherited from parent commands
+
+```
+  -c, --config string     config file path
+  -d, --database string   database path (default "./filebrowser.db")
+```
+
+## See Also
+
+* [filebrowser cmds](filebrowser-cmds.md)	 - Command runner management utility
+

www/docs/cli/filebrowser-cmds.md

@@ -0,0 +1,28 @@
+# filebrowser cmds
+
+Command runner management utility
+
+## Synopsis
+
+Command runner management utility.
+
+## Options
+
+```
+  -h, --help   help for cmds
+```
+
+## Options inherited from parent commands
+
+```
+  -c, --config string     config file path
+  -d, --database string   database path (default "./filebrowser.db")
+```
+
+## See Also
+
+* [filebrowser](filebrowser.md)	 - A stylish web-based file browser
+* [filebrowser cmds add](filebrowser-cmds-add.md)	 - Add a command to run on a specific event
+* [filebrowser cmds ls](filebrowser-cmds-ls.md)	 - List all commands for each event
+* [filebrowser cmds rm](filebrowser-cmds-rm.md)	 - Removes a command from an event hooker
+

www/docs/cli/filebrowser-completion-bash.md

@@ -0,0 +1,50 @@
+# filebrowser completion bash
+
+Generate the autocompletion script for bash
+
+## Synopsis
+
+Generate the autocompletion script for the bash shell.
+
+This script depends on the 'bash-completion' package.
+If it is not installed already, you can install it via your OS's package manager.
+
+To load completions in your current shell session:
+
+	source <(filebrowser completion bash)
+
+To load completions for every new session, execute once:
+
+### Linux:
+
+	filebrowser completion bash > /etc/bash_completion.d/filebrowser
+
+### macOS:
+
+	filebrowser completion bash > $(brew --prefix)/etc/bash_completion.d/filebrowser
+
+You will need to start a new shell for this setup to take effect.
+
+
+```
+filebrowser completion bash
+```
+
+## Options
+
+```
+  -h, --help              help for bash
+      --no-descriptions   disable completion descriptions
+```
+
+## Options inherited from parent commands
+
+```
+  -c, --config string     config file path
+  -d, --database string   database path (default "./filebrowser.db")
+```
+
+## See Also
+
+* [filebrowser completion](filebrowser-completion.md)	 - Generate the autocompletion script for the specified shell
+

www/docs/cli/filebrowser-completion-fish.md

@@ -0,0 +1,41 @@
+# filebrowser completion fish
+
+Generate the autocompletion script for fish
+
+## Synopsis
+
+Generate the autocompletion script for the fish shell.
+
+To load completions in your current shell session:
+
+	filebrowser completion fish | source
+
+To load completions for every new session, execute once:
+
+	filebrowser completion fish > ~/.config/fish/completions/filebrowser.fish
+
+You will need to start a new shell for this setup to take effect.
+
+
+```
+filebrowser completion fish [flags]
+```
+
+## Options
+
+```
+  -h, --help              help for fish
+      --no-descriptions   disable completion descriptions
+```
+
+## Options inherited from parent commands
+
+```
+  -c, --config string     config file path
+  -d, --database string   database path (default "./filebrowser.db")
+```
+
+## See Also
+
+* [filebrowser completion](filebrowser-completion.md)	 - Generate the autocompletion script for the specified shell
+

www/docs/cli/filebrowser-completion-powershell.md

@@ -0,0 +1,38 @@
+# filebrowser completion powershell
+
+Generate the autocompletion script for powershell
+
+## Synopsis
+
+Generate the autocompletion script for powershell.
+
+To load completions in your current shell session:
+
+	filebrowser completion powershell | Out-String | Invoke-Expression
+
+To load completions for every new session, add the output of the above command
+to your powershell profile.
+
+
+```
+filebrowser completion powershell [flags]
+```
+
+## Options
+
+```
+  -h, --help              help for powershell
+      --no-descriptions   disable completion descriptions
+```
+
+## Options inherited from parent commands
+
+```
+  -c, --config string     config file path
+  -d, --database string   database path (default "./filebrowser.db")
+```
+
+## See Also
+
+* [filebrowser completion](filebrowser-completion.md)	 - Generate the autocompletion script for the specified shell
+

www/docs/cli/filebrowser-completion-zsh.md

@@ -0,0 +1,52 @@
+# filebrowser completion zsh
+
+Generate the autocompletion script for zsh
+
+## Synopsis
+
+Generate the autocompletion script for the zsh shell.
+
+If shell completion is not already enabled in your environment you will need
+to enable it.  You can execute the following once:
+
+	echo "autoload -U compinit; compinit" >> ~/.zshrc
+
+To load completions in your current shell session:
+
+	source <(filebrowser completion zsh)
+
+To load completions for every new session, execute once:
+
+### Linux:
+
+	filebrowser completion zsh > "${fpath[1]}/_filebrowser"
+
+### macOS:
+
+	filebrowser completion zsh > $(brew --prefix)/share/zsh/site-functions/_filebrowser
+
+You will need to start a new shell for this setup to take effect.
+
+
+```
+filebrowser completion zsh [flags]
+```
+
+## Options
+
+```
+  -h, --help              help for zsh
+      --no-descriptions   disable completion descriptions
+```
+
+## Options inherited from parent commands
+
+```
+  -c, --config string     config file path
+  -d, --database string   database path (default "./filebrowser.db")
+```
+
+## See Also
+
+* [filebrowser completion](filebrowser-completion.md)	 - Generate the autocompletion script for the specified shell
+

www/docs/cli/filebrowser-completion.md

@@ -0,0 +1,31 @@
+# filebrowser completion
+
+Generate the autocompletion script for the specified shell
+
+## Synopsis
+
+Generate the autocompletion script for filebrowser for the specified shell.
+See each sub-command's help for details on how to use the generated script.
+
+
+## Options
+
+```
+  -h, --help   help for completion
+```
+
+## Options inherited from parent commands
+
+```
+  -c, --config string     config file path
+  -d, --database string   database path (default "./filebrowser.db")
+```
+
+## See Also
+
+* [filebrowser](filebrowser.md)	 - A stylish web-based file browser
+* [filebrowser completion bash](filebrowser-completion-bash.md)	 - Generate the autocompletion script for bash
+* [filebrowser completion fish](filebrowser-completion-fish.md)	 - Generate the autocompletion script for fish
+* [filebrowser completion powershell](filebrowser-completion-powershell.md)	 - Generate the autocompletion script for powershell
+* [filebrowser completion zsh](filebrowser-completion-zsh.md)	 - Generate the autocompletion script for zsh
+

www/docs/cli/filebrowser-config-cat.md

@@ -0,0 +1,29 @@
+# filebrowser config cat
+
+Prints the configuration
+
+## Synopsis
+
+Prints the configuration.
+
+```
+filebrowser config cat [flags]
+```
+
+## Options
+
+```
+  -h, --help   help for cat
+```
+
+## Options inherited from parent commands
+
+```
+  -c, --config string     config file path
+  -d, --database string   database path (default "./filebrowser.db")
+```
+
+## See Also
+
+* [filebrowser config](filebrowser-config.md)	 - Configuration management utility
+

www/docs/cli/filebrowser-config-export.md

@@ -0,0 +1,31 @@
+# filebrowser config export
+
+Export the configuration to a file
+
+## Synopsis
+
+Export the configuration to a file. The path must be for a
+json or yaml file. This exported configuration can be changed,
+and imported again with 'config import' command.
+
+```
+filebrowser config export <path> [flags]
+```
+
+## Options
+
+```
+  -h, --help   help for export
+```
+
+## Options inherited from parent commands
+
+```
+  -c, --config string     config file path
+  -d, --database string   database path (default "./filebrowser.db")
+```
+
+## See Also
+
+* [filebrowser config](filebrowser-config.md)	 - Configuration management utility
+

www/docs/cli/filebrowser-config-import.md

@@ -0,0 +1,36 @@
+# filebrowser config import
+
+Import a configuration file
+
+## Synopsis
+
+Import a configuration file. This will replace all the existing
+configuration. Can be used with or without unexisting databases.
+
+If used with a nonexisting database, a key will be generated
+automatically. Otherwise the key will be kept the same as in the
+database.
+
+The path must be for a json or yaml file.
+
+```
+filebrowser config import <path> [flags]
+```
+
+## Options
+
+```
+  -h, --help   help for import
+```
+
+## Options inherited from parent commands
+
+```
+  -c, --config string     config file path
+  -d, --database string   database path (default "./filebrowser.db")
+```
+
+## See Also
+
+* [filebrowser config](filebrowser-config.md)	 - Configuration management utility
+

www/docs/cli/filebrowser-config-init.md

@@ -0,0 +1,86 @@
+# filebrowser config init
+
+Initialize a new database
+
+## Synopsis
+
+Initialize a new database to use with File Browser. All of
+this options can be changed in the future with the command
+'filebrowser config set'. The user related flags apply
+to the defaults when creating new users and you don't
+override the options.
+
+```
+filebrowser config init [flags]
+```
+
+## Options
+
+```
+      --aceEditorTheme string            ace editor's syntax highlighting theme for users
+  -a, --address string                   address to listen on (default "127.0.0.1")
+      --auth.command string              command for auth.method=hook
+      --auth.header string               HTTP header for auth.method=proxy
+      --auth.method string               authentication type (default "json")
+  -b, --baseURL string                   base url
+      --branding.color string            set the theme color
+      --branding.disableExternal         disable external links such as GitHub links
+      --branding.disableUsedPercentage   disable used disk percentage graph
+      --branding.files string            path to directory with images and custom styles
+      --branding.name string             replace 'File Browser' by this name
+      --branding.theme string            set the theme
+  -t, --cert string                      tls certificate
+      --commands strings                 a list of the commands a user can execute
+      --createUserDir                    generate user's home directory automatically
+      --dateFormat                       use date format (true for absolute time, false for relative)
+      --dirMode string                   mode bits that new directories are created with (default "0o750")
+      --disableExec                      disables Command Runner feature (default true)
+      --disablePreviewResize             disable resize of image previews
+      --disableThumbnails                disable image thumbnails
+      --disableTypeDetectionByHeader     disables type detection by reading file headers
+      --fileMode string                  mode bits that new files are created with (default "0o640")
+  -h, --help                             help for init
+      --hideDotfiles                     hide dotfiles
+      --hideLoginButton                  hide login button from public pages
+  -k, --key string                       tls key
+      --locale string                    locale for users (default "en")
+      --lockPassword                     lock password
+  -l, --log string                       log output (default "stdout")
+      --minimumPasswordLength uint       minimum password length for new users (default 12)
+      --perm.admin                       admin perm for users
+      --perm.create                      create perm for users (default true)
+      --perm.delete                      delete perm for users (default true)
+      --perm.download                    download perm for users (default true)
+      --perm.execute                     execute perm for users (default true)
+      --perm.modify                      modify perm for users (default true)
+      --perm.rename                      rename perm for users (default true)
+      --perm.share                       share perm for users (default true)
+  -p, --port string                      port to listen on (default "8080")
+      --recaptcha.host string            use another host for ReCAPTCHA. recaptcha.net might be useful in China (default "https://www.google.com")
+      --recaptcha.key string             ReCaptcha site key
+      --recaptcha.secret string          ReCaptcha secret
+  -r, --root string                      root to prepend to relative paths (default ".")
+      --scope string                     scope for users (default ".")
+      --shell string                     shell command to which other commands should be appended
+  -s, --signup                           allow users to signup
+      --singleClick                      use single clicks only
+      --socket string                    socket to listen to (cannot be used with address, port, cert nor key flags)
+      --sorting.asc                      sorting by ascending order
+      --sorting.by string                sorting mode (name, size or modified) (default "name")
+      --tokenExpirationTime string       user session timeout (default "2h")
+      --tus.chunkSize uint               the tus chunk size (default 10485760)
+      --tus.retryCount uint16            the tus retry count (default 5)
+      --viewMode string                  view mode for users (default "list")
+```
+
+## Options inherited from parent commands
+
+```
+  -c, --config string     config file path
+  -d, --database string   database path (default "./filebrowser.db")
+```
+
+## See Also
+
+* [filebrowser config](filebrowser-config.md)	 - Configuration management utility
+

www/docs/cli/filebrowser-config-set.md

@@ -0,0 +1,83 @@
+# filebrowser config set
+
+Updates the configuration
+
+## Synopsis
+
+Updates the configuration. Set the flags for the options
+you want to change. Other options will remain unchanged.
+
+```
+filebrowser config set [flags]
+```
+
+## Options
+
+```
+      --aceEditorTheme string            ace editor's syntax highlighting theme for users
+  -a, --address string                   address to listen on (default "127.0.0.1")
+      --auth.command string              command for auth.method=hook
+      --auth.header string               HTTP header for auth.method=proxy
+      --auth.method string               authentication type (default "json")
+  -b, --baseURL string                   base url
+      --branding.color string            set the theme color
+      --branding.disableExternal         disable external links such as GitHub links
+      --branding.disableUsedPercentage   disable used disk percentage graph
+      --branding.files string            path to directory with images and custom styles
+      --branding.name string             replace 'File Browser' by this name
+      --branding.theme string            set the theme
+  -t, --cert string                      tls certificate
+      --commands strings                 a list of the commands a user can execute
+      --createUserDir                    generate user's home directory automatically
+      --dateFormat                       use date format (true for absolute time, false for relative)
+      --dirMode string                   mode bits that new directories are created with (default "0o750")
+      --disableExec                      disables Command Runner feature (default true)
+      --disablePreviewResize             disable resize of image previews
+      --disableThumbnails                disable image thumbnails
+      --disableTypeDetectionByHeader     disables type detection by reading file headers
+      --fileMode string                  mode bits that new files are created with (default "0o640")
+  -h, --help                             help for set
+      --hideDotfiles                     hide dotfiles
+      --hideLoginButton                  hide login button from public pages
+  -k, --key string                       tls key
+      --locale string                    locale for users (default "en")
+      --lockPassword                     lock password
+  -l, --log string                       log output (default "stdout")
+      --minimumPasswordLength uint       minimum password length for new users (default 12)
+      --perm.admin                       admin perm for users
+      --perm.create                      create perm for users (default true)
+      --perm.delete                      delete perm for users (default true)
+      --perm.download                    download perm for users (default true)
+      --perm.execute                     execute perm for users (default true)
+      --perm.modify                      modify perm for users (default true)
+      --perm.rename                      rename perm for users (default true)
+      --perm.share                       share perm for users (default true)
+  -p, --port string                      port to listen on (default "8080")
+      --recaptcha.host string            use another host for ReCAPTCHA. recaptcha.net might be useful in China (default "https://www.google.com")
+      --recaptcha.key string             ReCaptcha site key
+      --recaptcha.secret string          ReCaptcha secret
+  -r, --root string                      root to prepend to relative paths (default ".")
+      --scope string                     scope for users (default ".")
+      --shell string                     shell command to which other commands should be appended
+  -s, --signup                           allow users to signup
+      --singleClick                      use single clicks only
+      --socket string                    socket to listen to (cannot be used with address, port, cert nor key flags)
+      --sorting.asc                      sorting by ascending order
+      --sorting.by string                sorting mode (name, size or modified) (default "name")
+      --tokenExpirationTime string       user session timeout (default "2h")
+      --tus.chunkSize uint               the tus chunk size (default 10485760)
+      --tus.retryCount uint16            the tus retry count (default 5)
+      --viewMode string                  view mode for users (default "list")
+```
+
+## Options inherited from parent commands
+
+```
+  -c, --config string     config file path
+  -d, --database string   database path (default "./filebrowser.db")
+```
+
+## See Also
+
+* [filebrowser config](filebrowser-config.md)	 - Configuration management utility
+

www/docs/cli/filebrowser-config.md

@@ -0,0 +1,30 @@
+# filebrowser config
+
+Configuration management utility
+
+## Synopsis
+
+Configuration management utility.
+
+## Options
+
+```
+  -h, --help   help for config
+```
+
+## Options inherited from parent commands
+
+```
+  -c, --config string     config file path
+  -d, --database string   database path (default "./filebrowser.db")
+```
+
+## See Also
+
+* [filebrowser](filebrowser.md)	 - A stylish web-based file browser
+* [filebrowser config cat](filebrowser-config-cat.md)	 - Prints the configuration
+* [filebrowser config export](filebrowser-config-export.md)	 - Export the configuration to a file
+* [filebrowser config import](filebrowser-config-import.md)	 - Import a configuration file
+* [filebrowser config init](filebrowser-config-init.md)	 - Initialize a new database
+* [filebrowser config set](filebrowser-config-set.md)	 - Updates the configuration
+

www/docs/cli/filebrowser-hash.md

@@ -0,0 +1,29 @@
+# filebrowser hash
+
+Hashes a password
+
+## Synopsis
+
+Hashes a password using bcrypt algorithm.
+
+```
+filebrowser hash <password> [flags]
+```
+
+## Options
+
+```
+  -h, --help   help for hash
+```
+
+## Options inherited from parent commands
+
+```
+  -c, --config string     config file path
+  -d, --database string   database path (default "./filebrowser.db")
+```
+
+## See Also
+
+* [filebrowser](filebrowser.md)	 - A stylish web-based file browser
+

www/docs/cli/filebrowser-rules-add.md

@@ -0,0 +1,33 @@
+# filebrowser rules add
+
+Add a global rule or user rule
+
+## Synopsis
+
+Add a global rule or user rule.
+
+```
+filebrowser rules add <path|expression> [flags]
+```
+
+## Options
+
+```
+  -a, --allow   indicates this is an allow rule
+  -h, --help    help for add
+  -r, --regex   indicates this is a regex rule
+```
+
+## Options inherited from parent commands
+
+```
+  -c, --config string     config file path
+  -d, --database string   database path (default "./filebrowser.db")
+  -i, --id uint           id of user to which the rules apply
+  -u, --username string   username of user to which the rules apply
+```
+
+## See Also
+
+* [filebrowser rules](filebrowser-rules.md)	 - Rules management utility
+

www/docs/cli/filebrowser-rules-ls.md

@@ -0,0 +1,31 @@
+# filebrowser rules ls
+
+List global rules or user specific rules
+
+## Synopsis
+
+List global rules or user specific rules.
+
+```
+filebrowser rules ls [flags]
+```
+
+## Options
+
+```
+  -h, --help   help for ls
+```
+
+## Options inherited from parent commands
+
+```
+  -c, --config string     config file path
+  -d, --database string   database path (default "./filebrowser.db")
+  -i, --id uint           id of user to which the rules apply
+  -u, --username string   username of user to which the rules apply
+```
+
+## See Also
+
+* [filebrowser rules](filebrowser-rules.md)	 - Rules management utility
+

www/docs/cli/filebrowser-rules-rm.md

@@ -0,0 +1,40 @@
+# filebrowser rules rm
+
+Remove a global rule or user rule
+
+## Synopsis
+
+Remove a global rule or user rule. The provided index
+is the same that's printed when you run 'rules ls'. Note
+that after each removal/addition, the index of the
+commands change. So be careful when removing them after each
+other.
+
+You can also specify an optional parameter (index_end) so
+you can remove all commands from 'index' to 'index_end',
+including 'index_end'.
+
+```
+filebrowser rules rm <index> [index_end] [flags]
+```
+
+## Options
+
+```
+  -h, --help         help for rm
+      --index uint   index of rule to remove
+```
+
+## Options inherited from parent commands
+
+```
+  -c, --config string     config file path
+  -d, --database string   database path (default "./filebrowser.db")
+  -i, --id uint           id of user to which the rules apply
+  -u, --username string   username of user to which the rules apply
+```
+
+## See Also
+
+* [filebrowser rules](filebrowser-rules.md)	 - Rules management utility
+

www/docs/cli/filebrowser-rules.md

@@ -0,0 +1,34 @@
+# filebrowser rules
+
+Rules management utility
+
+## Synopsis
+
+On each subcommand you'll have available at least two flags:
+"username" and "id". You must either set only one of them
+or none. If you set one of them, the command will apply to
+an user, otherwise it will be applied to the global set or
+rules.
+
+## Options
+
+```
+  -h, --help              help for rules
+  -i, --id uint           id of user to which the rules apply
+  -u, --username string   username of user to which the rules apply
+```
+
+## Options inherited from parent commands
+
+```
+  -c, --config string     config file path
+  -d, --database string   database path (default "./filebrowser.db")
+```
+
+## See Also
+
+* [filebrowser](filebrowser.md)	 - A stylish web-based file browser
+* [filebrowser rules add](filebrowser-rules-add.md)	 - Add a global rule or user rule
+* [filebrowser rules ls](filebrowser-rules-ls.md)	 - List global rules or user specific rules
+* [filebrowser rules rm](filebrowser-rules-rm.md)	 - Remove a global rule or user rule
+

www/docs/cli/filebrowser-users-add.md

@@ -0,0 +1,48 @@
+# filebrowser users add
+
+Create a new user
+
+## Synopsis
+
+Create a new user and add it to the database.
+
+```
+filebrowser users add <username> <password> [flags]
+```
+
+## Options
+
+```
+      --aceEditorTheme string   ace editor's syntax highlighting theme for users
+      --commands strings        a list of the commands a user can execute
+      --dateFormat              use date format (true for absolute time, false for relative)
+  -h, --help                    help for add
+      --hideDotfiles            hide dotfiles
+      --locale string           locale for users (default "en")
+      --lockPassword            lock password
+      --perm.admin              admin perm for users
+      --perm.create             create perm for users (default true)
+      --perm.delete             delete perm for users (default true)
+      --perm.download           download perm for users (default true)
+      --perm.execute            execute perm for users (default true)
+      --perm.modify             modify perm for users (default true)
+      --perm.rename             rename perm for users (default true)
+      --perm.share              share perm for users (default true)
+      --scope string            scope for users (default ".")
+      --singleClick             use single clicks only
+      --sorting.asc             sorting by ascending order
+      --sorting.by string       sorting mode (name, size or modified) (default "name")
+      --viewMode string         view mode for users (default "list")
+```
+
+## Options inherited from parent commands
+
+```
+  -c, --config string     config file path
+  -d, --database string   database path (default "./filebrowser.db")
+```
+
+## See Also
+
+* [filebrowser users](filebrowser-users.md)	 - Users management utility
+

www/docs/cli/filebrowser-users-export.md

@@ -0,0 +1,30 @@
+# filebrowser users export
+
+Export all users to a file.
+
+## Synopsis
+
+Export all users to a json or yaml file. Please indicate the
+path to the file where you want to write the users.
+
+```
+filebrowser users export <path> [flags]
+```
+
+## Options
+
+```
+  -h, --help   help for export
+```
+
+## Options inherited from parent commands
+
+```
+  -c, --config string     config file path
+  -d, --database string   database path (default "./filebrowser.db")
+```
+
+## See Also
+
+* [filebrowser users](filebrowser-users.md)	 - Users management utility
+

www/docs/cli/filebrowser-users-find.md

@@ -0,0 +1,29 @@
+# filebrowser users find
+
+Find a user by username or id
+
+## Synopsis
+
+Find a user by username or id. If no flag is set, all users will be printed.
+
+```
+filebrowser users find <id|username> [flags]
+```
+
+## Options
+
+```
+  -h, --help   help for find
+```
+
+## Options inherited from parent commands
+
+```
+  -c, --config string     config file path
+  -d, --database string   database path (default "./filebrowser.db")
+```
+
+## See Also
+
+* [filebrowser users](filebrowser-users.md)	 - Users management utility
+

www/docs/cli/filebrowser-users-import.md

@@ -0,0 +1,34 @@
+# filebrowser users import
+
+Import users from a file
+
+## Synopsis
+
+Import users from a file. The path must be for a json or yaml
+file. You can use this command to import new users to your
+installation. For that, just don't place their ID on the files
+list or set it to 0.
+
+```
+filebrowser users import <path> [flags]
+```
+
+## Options
+
+```
+  -h, --help        help for import
+      --overwrite   overwrite users with the same id/username combo
+      --replace     replace the entire user base
+```
+
+## Options inherited from parent commands
+
+```
+  -c, --config string     config file path
+  -d, --database string   database path (default "./filebrowser.db")
+```
+
+## See Also
+
+* [filebrowser users](filebrowser-users.md)	 - Users management utility
+

www/docs/cli/filebrowser-users-ls.md

@@ -0,0 +1,25 @@
+# filebrowser users ls
+
+List all users.
+
+```
+filebrowser users ls [flags]
+```
+
+## Options
+
+```
+  -h, --help   help for ls
+```
+
+## Options inherited from parent commands
+
+```
+  -c, --config string     config file path
+  -d, --database string   database path (default "./filebrowser.db")
+```
+
+## See Also
+
+* [filebrowser users](filebrowser-users.md)	 - Users management utility
+

www/docs/cli/filebrowser-users-rm.md

@@ -0,0 +1,29 @@
+# filebrowser users rm
+
+Delete a user by username or id
+
+## Synopsis
+
+Delete a user by username or id
+
+```
+filebrowser users rm <id|username> [flags]
+```
+
+## Options
+
+```
+  -h, --help   help for rm
+```
+
+## Options inherited from parent commands
+
+```
+  -c, --config string     config file path
+  -d, --database string   database path (default "./filebrowser.db")
+```
+
+## See Also
+
+* [filebrowser users](filebrowser-users.md)	 - Users management utility
+

www/docs/cli/filebrowser-users-update.md

@@ -0,0 +1,51 @@
+# filebrowser users update
+
+Updates an existing user
+
+## Synopsis
+
+Updates an existing user. Set the flags for the
+options you want to change.
+
+```
+filebrowser users update <id|username> [flags]
+```
+
+## Options
+
+```
+      --aceEditorTheme string   ace editor's syntax highlighting theme for users
+      --commands strings        a list of the commands a user can execute
+      --dateFormat              use date format (true for absolute time, false for relative)
+  -h, --help                    help for update
+      --hideDotfiles            hide dotfiles
+      --locale string           locale for users (default "en")
+      --lockPassword            lock password
+  -p, --password string         new password
+      --perm.admin              admin perm for users
+      --perm.create             create perm for users (default true)
+      --perm.delete             delete perm for users (default true)
+      --perm.download           download perm for users (default true)
+      --perm.execute            execute perm for users (default true)
+      --perm.modify             modify perm for users (default true)
+      --perm.rename             rename perm for users (default true)
+      --perm.share              share perm for users (default true)
+      --scope string            scope for users (default ".")
+      --singleClick             use single clicks only
+      --sorting.asc             sorting by ascending order
+      --sorting.by string       sorting mode (name, size or modified) (default "name")
+  -u, --username string         new username
+      --viewMode string         view mode for users (default "list")
+```
+
+## Options inherited from parent commands
+
+```
+  -c, --config string     config file path
+  -d, --database string   database path (default "./filebrowser.db")
+```
+
+## See Also
+
+* [filebrowser users](filebrowser-users.md)	 - Users management utility
+

www/docs/cli/filebrowser-users.md

@@ -0,0 +1,32 @@
+# filebrowser users
+
+Users management utility
+
+## Synopsis
+
+Users management utility.
+
+## Options
+
+```
+  -h, --help   help for users
+```
+
+## Options inherited from parent commands
+
+```
+  -c, --config string     config file path
+  -d, --database string   database path (default "./filebrowser.db")
+```
+
+## See Also
+
+* [filebrowser](filebrowser.md)	 - A stylish web-based file browser
+* [filebrowser users add](filebrowser-users-add.md)	 - Create a new user
+* [filebrowser users export](filebrowser-users-export.md)	 - Export all users to a file.
+* [filebrowser users find](filebrowser-users-find.md)	 - Find a user by username or id
+* [filebrowser users import](filebrowser-users-import.md)	 - Import users from a file
+* [filebrowser users ls](filebrowser-users-ls.md)	 - List all users.
+* [filebrowser users rm](filebrowser-users-rm.md)	 - Delete a user by username or id
+* [filebrowser users update](filebrowser-users-update.md)	 - Updates an existing user
+

www/docs/cli/filebrowser-version.md

@@ -0,0 +1,25 @@
+# filebrowser version
+
+Print the version number
+
+```
+filebrowser version [flags]
+```
+
+## Options
+
+```
+  -h, --help   help for version
+```
+
+## Options inherited from parent commands
+
+```
+  -c, --config string     config file path
+  -d, --database string   database path (default "./filebrowser.db")
+```
+
+## See Also
+
+* [filebrowser](filebrowser.md)	 - A stylish web-based file browser
+

www/docs/cli/filebrowser.md

@@ -0,0 +1,81 @@
+# filebrowser
+
+A stylish web-based file browser
+
+## Synopsis
+
+File Browser CLI lets you create the database to use with File Browser,
+manage your users and all the configurations without accessing the
+web interface.
+
+If you've never run File Browser, you'll need to have a database for
+it. Don't worry: you don't need to setup a separate database server.
+We're using Bolt DB which is a single file database and all managed
+by ourselves.
+
+For this command, all flags are available as environmental variables,
+except for "--config", which specifies the configuration file to use.
+The environment variables are prefixed by "FB_" followed by the flag name in
+UPPER_SNAKE_CASE. For example, the flag "--disablePreviewResize" is available
+as FB_DISABLE_PREVIEW_RESIZE.
+
+If "--config" is not specified, File Browser will look for a configuration
+file named .filebrowser.{json, toml, yaml, yml} in the following directories:
+
+- ./
+- $HOME/
+- /etc/filebrowser/
+
+The precedence of the configuration values are as follows:
+
+- Flags
+- Environment variables
+- Configuration file
+- Database values
+- Defaults
+
+Also, if the database path doesn't exist, File Browser will enter into
+the quick setup mode and a new database will be bootstrapped and a new
+user created with the credentials from options "username" and "password".
+
+```
+filebrowser [flags]
+```
+
+## Options
+
+```
+  -a, --address string                 address to listen on (default "127.0.0.1")
+  -b, --baseURL string                 base url
+      --cacheDir string                file cache directory (disabled if empty)
+  -t, --cert string                    tls certificate
+  -c, --config string                  config file path
+  -d, --database string                database path (default "./filebrowser.db")
+      --disableExec                    disables Command Runner feature (default true)
+      --disablePreviewResize           disable resize of image previews
+      --disableThumbnails              disable image thumbnails
+      --disableTypeDetectionByHeader   disables type detection by reading file headers
+  -h, --help                           help for filebrowser
+      --imageProcessors int            image processors count (default 4)
+  -k, --key string                     tls key
+  -l, --log string                     log output (default "stdout")
+      --noauth                         use the noauth auther when using quick setup
+      --password string                hashed password for the first user when using quick setup
+  -p, --port string                    port to listen on (default "8080")
+  -r, --root string                    root to prepend to relative paths (default ".")
+      --socket string                  socket to listen to (cannot be used with address, port, cert nor key flags)
+      --socketPerm uint32              unix socket file permissions (default 438)
+      --tokenExpirationTime string     user session timeout (default "2h")
+      --username string                username for the first user when using quick setup (default "admin")
+```
+
+## See Also
+
+* [filebrowser cmds](filebrowser-cmds.md)	 - Command runner management utility
+* [filebrowser completion](filebrowser-completion.md)	 - Generate the autocompletion script for the specified shell
+* [filebrowser config](filebrowser-config.md)	 - Configuration management utility
+* [filebrowser hash](filebrowser-hash.md)	 - Hashes a password
+* [filebrowser rules](filebrowser-rules.md)	 - Rules management utility
+* [filebrowser users](filebrowser-users.md)	 - Users management utility
+* [filebrowser version](filebrowser-version.md)	 - Print the version number
+

www/docs/command-execution.md

@@ -0,0 +1,54 @@
+# Command Execution
+
+> [!CAUTION]
+>
+> The **hook runner** and **interactive shell** functionalities have been disabled for all existent and new installations by default from version v2.33.8 and onwards, due to continuous and known security vulnerabilities. You should only use this feature if you are aware of all of the security risks involved. For more up to date information, consult issue [#5199](https://github.com/filebrowser/filebrowser/issues/5199).
+
+## Hook Runner
+
+The hook runner is a feature that enables you to execute any shell command you want before or after a certain event. Right now, these are the events:
+
+* Copy
+* Rename
+* Upload
+* Delete
+* Save
+
+Also, during the execution of the commands set for those hooks, there will be some environment variables available to help you perform your commands:
+
+* `FILE` with the full absolute path to the changed file.
+* `SCOPE` with the path to user's scope.
+* `TRIGGER` with the name of the event.
+* `USERNAME` with the user's username.
+* `DESTINATION` with the absolute path to the destination. Only used for **copy** and **rename.**
+
+At this moment, you can edit the commands via the command line interface, using the following commands \(please check the flag `--help` to know more about them\):
+
+```bash
+filebrowser cmds add before_copy "echo $FILE"
+filebrowser cmds rm before_copy 0
+filebrowser cmds ls
+```
+
+Or you can use the web interface to manage them via **Settings** → **Global Settings**.
+
+## Interactive Shell
+
+Within File Browser you can toggle the shell (`< >` icon at the top right) and this will open a shell command window at the bottom of the screen. This functionality can be turned on using the environment variable `FB_DISABLE_EXEC=false` or the flag `--disable-exec=false`.
+
+By default no commands are available as the command list is empty. To enable commands these need to either be done on a per-user basis (including for the Admin user).
+
+You can do this by adding them in Settings > User Management > (edit user) > Commands or to *apply to all new users created from that point forward* they can be set in Settings > Global Settings
+
+> [!NOTE]
+> 
+> If using a proxy manager then remember to enable websockets support for the File Browser proxy
+
+> [!NOTE]
+> 
+> If using Docker and you want to add a new command that is not in the base image then you will need to build a custom Docker image using `filebrowser/filebrowser` as a base image.  For example to add 7z:
+> 
+> ```docker
+> FROM filebrowser/filebrowser
+> RUN sudo apt install p7zip-full
+> ```

www/docs/configuration.md

@@ -1,158 +0,0 @@
-# Configuration
-
-Most of the configuration can be understood through the command line interface documentation. To access it, you need to install File Browser and run `filebrowser --help`. In this page, we cover some specific, more complex, topics.
-
-## Flags as Environment Variables
-
-In some situations, it is easier to use environment variables instead of flags. For example, if you're using our provided Docker image, it's easier for you to use environment variables to customize the settings instead of flags.
-
-All flags should be available as environment variables prefixed with `FB_`. For example, the flag `--disable-thumbnails` is available as `FB_DISABLE_THUMBNAILS`.
-
-## Custom Branding
-
-You can customize File Browser to use your own branding. This includes the following:
-
-- **Name**: the name of the instance that shows up on the tab title, login pages, and some other places.
-- **Disable External Links**: disables all external links, except to the documentation.
-- **Disable Used Percentage**: disables the disk usage information on the sidebar.
-- **Branding Folder**: directory which can contain two items:
-    - `custom.css`, containing a global stylesheet to apply to all users.
-    - `img`, a directory which can replace all the [default logotypes](https://github.com/filebrowser/filebrowser/tree/master/frontend/public/img) from the application.
-
-This can be configured by the administrator user, under **Settings → Global Settings**. You can also update the configuration directly using the CLI:
-
-```sh
-filebrowser config set --branding.name "My Name" \
-  --branding.files "/abs/path/to/my/dir" \
-  --branding.disableExternal
-```
-
-> [!NOTE] 
->
-> If you are using Docker, you need to mount a volume with the `branding` directory in order for it to be accessible from within the container.
-
-### Custom Icons
-
-To replace the default logotype and favicons, you need to create an `img` directory under the branding directory. The structure of this directory must mimic the one from the [default logotypes](https://github.com/filebrowser/filebrowser/tree/master/frontend/public/img):
-
-```
-img/
-  logo.svg
-  icons/
-    favicon.ico
-    favicon.svg
-    (...)
-```
-
-Note that there are different versions of the same favicon in multiple sizes. To replace all of them, you need to add versions for all of them. You can use the [Real Favicon Generator](https://realfavicongenerator.net/) to generate these for you from your base image. 
-
-> [!NOTE]
->
-> The icons are cached by the browser, so you may not see your changes immediately. You can address this by clearing your browser's cache.
-
-## Authentication Method
-
-Right now, there are three possible authentication methods. Each one of them has its own capabilities and specification. If you are interested in contributing with one more authentication method, please [check the guidelines](contributing.md).
-
-### JSON Auth (default)
-
-We call it JSON Authentication but it is just the default authentication method and the one that is provided by default if you don't make any changes. It is set by default, but if you've made changes before you can revert to using JSON auth:
-
-```sh
-filebrowser config set --auth.method=json
-```
-
-This method can also be extended with **reCAPTCHA** verification during login:
-
-```sh
-filebrowser config set --auth.method=json \
-  --recaptcha.key site-key \
-  --recaptcha.secret private-key
-```
-
-By default, we use [Google's reCAPTCHA](https://developers.google.com/recaptcha/docs/display) service. If you live in China, or want to use other provider, you can change the host with the following command:
-
-```sh
-filebrowser config set --recaptcha.host https://recaptcha.net
-```
-
-Where `https://recaptcha.net` is any provider you want.
-
-### Proxy Header
-
-If you have a reverse proxy you want to use to login your users, you do it via our `proxy` authentication method. To configure this method, your proxy must send an HTTP header containing the username of the logged in user:
-
-```sh
-filebrowser config set --auth.method=proxy --auth.header=X-My-Header
-```
-
-Where `X-My-Header` is the HTTP header provided by your proxy with the username.
-
-> [!WARNING]
-> 
-> File Browser will blindly trust the provided header. If the proxy can be bypassed, an attacker could simply attach the header and get admin access.
-
-### No Authentication
-
-We also provide a no authentication mechanism for users that want to use File Browser privately such in a home network. By setting this authentication method, the user with **id 1** will be used as the default users. Creating more users won't have any effect.
-
-```sh
-filebrowser config set --auth.method=noauth
-```
-
-## Command Runner
-
-> [!CAUTION]
->
-> The **command execution** functionality has been disabled for all existent and new installations by default from version v2.33.8 and onwards, due to continuous and known security vulnerabilities. You should only use this feature if you are aware of all of the security risks involved. For more up to date information, consult issue [#5199](https://github.com/filebrowser/filebrowser/issues/5199).
-
-The command runner is a feature that enables you to execute any shell command you want before or after a certain event. Right now, these are the events:
-
-* Copy
-* Rename
-* Upload
-* Delete
-* Save
-
-Also, during the execution of the commands set for those hooks, there will be some environment variables available to help you perform your commands:
-
-* `FILE` with the full absolute path to the changed file.
-* `SCOPE` with the path to user's scope.
-* `TRIGGER` with the name of the event.
-* `USERNAME` with the user's username.
-* `DESTINATION` with the absolute path to the destination. Only used for **copy** and **rename.**
-
-At this moment, you can edit the commands via the command line interface, using the following commands \(please check the flag `--help` to know more about them\):
-
-```bash
-filebrowser cmds add before_copy "echo $FILE"
-filebrowser cmds rm before_copy 0
-filebrowser cmds ls
-```
-
-Or you can use the web interface to manage them via **Settings** → **Global Settings**.
-
-## Command Execution
-
-> [!CAUTION]
->
-> The **command execution** functionality has been disabled for all existent and new installations by default from version v2.33.8 and onwards, due to continuous and known security vulnerabilities. You should only use this feature if you are aware of all of the security risks involved. For more up to date information, consult issue [#5199](https://github.com/filebrowser/filebrowser/issues/5199).
-
-Within File Browser you can toggle the shell (`< >` icon at the top right) and this will open a shell command window at the bottom of the screen. This functionality can be turned on using the environment variable `FB_DISABLE_EXEC=false` or the flag `--disable-exec=false`.
-
-By default no commands are available as the command list is empty. To enable commands these need to either be done on a per-user basis (including for the Admin user).
-
-You can do this by adding them in Settings > User Management > (edit user) > Commands or to *apply to all new users created from that point forward* they can be set in Settings > Global Settings
-
-> [!NOTE]
-> 
-> If using a proxy manager then remember to enable websockets support for the File Browser proxy
-
-> [!NOTE]
-> 
-> If using Docker and you want to add a new command that is not in the base image then you will need to build a custom Docker image using `filebrowser/filebrowser` as a base image.  For example to add 7z:
-> 
-> ```docker
-> FROM filebrowser/filebrowser
-> RUN sudo apt install p7zip-full
-> ```

www/docs/customization.md

@@ -0,0 +1,45 @@
+# Customization
+
+You can customize the styles, branding and icons of your File Browser instance in order to give it a personal touch.
+
+## Custom Branding
+
+You can customize File Browser to use your own branding. This includes the following:
+
+- **Name**: the name of the instance that shows up on the tab title, login pages, and some other places.
+- **Disable External Links**: disables all external links, except to the documentation.
+- **Disable Used Percentage**: disables the disk usage information on the sidebar.
+- **Branding Folder**: directory which can contain two items:
+  - `custom.css`, containing a global stylesheet to apply to all users.
+  - `img`, a directory which can replace all the [default logotypes](https://github.com/filebrowser/filebrowser/tree/master/frontend/public/img) from the application.
+
+This can be configured by the administrator user, under **Settings → Global Settings**. You can also update the configuration directly using the [CLI](cli/filebrowser-config-set.md):
+
+```sh
+filebrowser config set --branding.name "My Name" \
+  --branding.files "/abs/path/to/my/dir" \
+  --branding.disableExternal
+```
+
+> [!NOTE] 
+>
+> If you are using Docker, you need to mount a volume with the `branding` directory in order for it to be accessible from within the container.
+
+### Custom Icons
+
+To replace the default logotype and favicons, you need to create an `img` directory under the branding directory. The structure of this directory must mimic the one from the [default logotypes](https://github.com/filebrowser/filebrowser/tree/master/frontend/public/img):
+
+```
+img/
+  logo.svg
+  icons/
+    favicon.ico
+    favicon.svg
+    (...)
+```
+
+Note that there are different versions of the same favicon in multiple sizes. To replace all of them, you need to add versions for all of them. You can use the [Real Favicon Generator](https://realfavicongenerator.net/) to generate these for you from your base image. 
+
+> [!NOTE]
+>
+> The icons are cached by the browser, so you may not see your changes immediately. You can address this by clearing your browser's cache.

www/docs/installation.md

@@ -88,6 +88,6 @@ Your instance is now up and running. File Browser will automatically bootstrap a
 >
 > The automatically generated password for the user `admin` is only displayed once. If you fail to remember it, you will need to manually delete the database and start File Browser again.
 
-Although this is the fastest way to bootstrap an instance, we recommend you to take a look at other possible options, by checking `config init --help` and `config set --help`, to make the installation as safe and customized as it can be.
+Although this is the fastest way to bootstrap an instance, we recommend you to take a look at other possible options, by checking [`config init`](cli/filebrowser-config-init.md) and [`config set`](cli/filebrowser-config-set.md), to make the installation as safe and customized as it can be.
 
 If your goal is to have a public-facing deployment, we recommend taking a look at the [deployment](deployment.md) page for more information on how you can secure your installation.

www/docs/troubleshooting.md

@@ -0,0 +1,9 @@
+# Troubleshooting
+
+## Session Timeout
+
+By default, user sessions expire after **2 hours**. If you're uploading large files over slower connections, you may need to increase this timeout to prevent sessions from expiring mid-upload. You can configure the session timeout using the `tokenExpirationTime` setting.
+
+You can either set this option during runtime by using the flag `--tokenExpirationTime`, the environment variable `FB_TOKEN_EXPIRATION_TIME`, or in your configuration file. If you want to persist this to the configuration, please use [`filebrowser config set`](cli/filebrowser-config-set.md).
+
+Valid duration formats include `"2h"`, `"30m"`, `"24h"`, or combinations like `"2h30m"`.

www/mkdocs.yml

@@ -34,8 +34,6 @@ theme:
   features:
     - navigation.tabs
     - navigation.tabs.sticky
-    - navigation.sections
-    - navigation.expand
     - navigation.indexes
     - navigation.top
     - navigation.instant
@@ -44,7 +42,6 @@ theme:
     - search.share
     - content.code.copy
     - toc.follow
-    - toc.integrate
 
   icon:
     repo: fontawesome/brands/github
@@ -97,10 +94,45 @@ extra:
 
 nav:
   - Home: index.md
-  - Getting Started:
+  - Documentation:
     - Installation: installation.md
-    - Configuration: configuration.md
+    - Configuration:
+      - customization.md
+      - authentication.md
+      - command-execution.md
+    - Troubleshooting: troubleshooting.md
     - Deployment: deployment.md
+    - Command Line Usage:
+      - cli/filebrowser.md
+      - cli/filebrowser-cmds.md
+      - cli/filebrowser-cmds-add.md
+      - cli/filebrowser-cmds-ls.md
+      - cli/filebrowser-cmds-rm.md
+      - cli/filebrowser-completion.md
+      - cli/filebrowser-completion-bash.md
+      - cli/filebrowser-completion-fish.md
+      - cli/filebrowser-completion-powershell.md
+      - cli/filebrowser-completion-zsh.md
+      - cli/filebrowser-config.md
+      - cli/filebrowser-config-cat.md
+      - cli/filebrowser-config-export.md
+      - cli/filebrowser-config-import.md
+      - cli/filebrowser-config-init.md
+      - cli/filebrowser-config-set.md
+      - cli/filebrowser-hash.md
+      - cli/filebrowser-rules.md
+      - cli/filebrowser-rules-add.md
+      - cli/filebrowser-rules-ls.md
+      - cli/filebrowser-rules-rm.md
+      - cli/filebrowser-users.md
+      - cli/filebrowser-users-add.md
+      - cli/filebrowser-users-export.md
+      - cli/filebrowser-users-find.md
+      - cli/filebrowser-users-import.md
+      - cli/filebrowser-users-ls.md
+      - cli/filebrowser-users-rm.md
+      - cli/filebrowser-users-update.md
+      - cli/filebrowser-version.md
   - Contributing:
     - Contributing: contributing.md
     - Code of Conduct: code-of-conduct.md